diff --git a/1999/CVE-1999-0524.json b/1999/CVE-1999-0524.json new file mode 100644 index 0000000000..015b8ded6b --- /dev/null +++ b/1999/CVE-1999-0524.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946163, + "name": "CVE-1999-0524", + "full_name": "Live-Hack-CVE\/CVE-1999-0524", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-1999-0524", + "description": "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:00Z", + "updated_at": "2022-12-28T10:07:00Z", + "pushed_at": "2022-12-28T10:07:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2002/CVE-2002-20001.json b/2002/CVE-2002-20001.json index 9a747d1ae2..11950082ec 100644 --- a/2002/CVE-2002-20001.json +++ b/2002/CVE-2002-20001.json @@ -48,5 +48,34 @@ "forks": 11, "watchers": 138, "score": 0 + }, + { + "id": 582969598, + "name": "CVE-2002-20001", + "full_name": "Live-Hack-CVE\/CVE-2002-20001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2002-20001", + "description": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:18Z", + "updated_at": "2022-12-28T11:32:18Z", + "pushed_at": "2022-12-28T11:32:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2009/CVE-2009-2265.json b/2009/CVE-2009-2265.json index a508105548..6ea4b1d0af 100644 --- a/2009/CVE-2009-2265.json +++ b/2009/CVE-2009-2265.json @@ -107,10 +107,10 @@ "description": "ColdFusion 8.0.1 - Arbitrary File Upload to RCE", "fork": false, "created_at": "2022-03-31T08:52:08Z", - "updated_at": "2022-10-31T23:20:13Z", + "updated_at": "2022-12-28T09:25:07Z", "pushed_at": "2022-04-14T02:55:54Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -119,7 +119,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2011/CVE-2011-4329.json b/2011/CVE-2011-4329.json new file mode 100644 index 0000000000..a690b2b5e5 --- /dev/null +++ b/2011/CVE-2011-4329.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911851, + "name": "CVE-2011-4329", + "full_name": "Live-Hack-CVE\/CVE-2011-4329", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2011-4329", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin\/company.php, or the PATH_INFO to (2) admin\/security_other.php, (3) admin\/events.php, or (4) admin\/user.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:03Z", + "updated_at": "2022-12-28T08:01:03Z", + "pushed_at": "2022-12-28T08:01:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2011/CVE-2011-4802.json b/2011/CVE-2011-4802.json new file mode 100644 index 0000000000..011efc2eba --- /dev/null +++ b/2011/CVE-2011-4802.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911903, + "name": "CVE-2011-4802", + "full_name": "Live-Hack-CVE\/CVE-2011-4802", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2011-4802", + "description": "Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user\/index.php and (b) user\/group\/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:18Z", + "updated_at": "2022-12-28T08:01:18Z", + "pushed_at": "2022-12-28T08:01:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2011/CVE-2011-4814.json b/2011/CVE-2011-4814.json new file mode 100644 index 0000000000..db13bcebce --- /dev/null +++ b/2011/CVE-2011-4814.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911891, + "name": "CVE-2011-4814", + "full_name": "Live-Hack-CVE\/CVE-2011-4814", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2011-4814", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin\/boxes.php, (3) comm\/clients.php, (4) commande\/index.php; and the optioncss parameter to (5) admin\/ihm.php and (6) user CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:14Z", + "updated_at": "2022-12-28T08:01:14Z", + "pushed_at": "2022-12-28T08:01:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2012/CVE-2012-1225.json b/2012/CVE-2012-1225.json new file mode 100644 index 0000000000..5d6471d5a2 --- /dev/null +++ b/2012/CVE-2012-1225.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912069, + "name": "CVE-2012-1225", + "full_name": "Live-Hack-CVE\/CVE-2012-1225", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2012-1225", + "description": "Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents\/fiche.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:01Z", + "updated_at": "2022-12-28T08:02:01Z", + "pushed_at": "2022-12-28T08:02:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2012/CVE-2012-1226.json b/2012/CVE-2012-1226.json new file mode 100644 index 0000000000..ca1b477438 --- /dev/null +++ b/2012/CVE-2012-1226.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911972, + "name": "CVE-2012-1226", + "full_name": "Live-Hack-CVE\/CVE-2012-1226", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2012-1226", + "description": "Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm\/action\/fiche.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:36Z", + "updated_at": "2022-12-28T08:01:37Z", + "pushed_at": "2022-12-28T08:01:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0881.json b/2013/CVE-2013-0881.json new file mode 100644 index 0000000000..a365d0ec97 --- /dev/null +++ b/2013/CVE-2013-0881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892573, + "name": "CVE-2013-0881", + "full_name": "Live-Hack-CVE\/CVE-2013-0881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0881", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:51Z", + "updated_at": "2022-12-28T06:43:51Z", + "pushed_at": "2022-12-28T06:43:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0882.json b/2013/CVE-2013-0882.json new file mode 100644 index 0000000000..a873822925 --- /dev/null +++ b/2013/CVE-2013-0882.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892538, + "name": "CVE-2013-0882", + "full_name": "Live-Hack-CVE\/CVE-2013-0882", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0882", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:43Z", + "updated_at": "2022-12-28T06:43:43Z", + "pushed_at": "2022-12-28T06:43:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0883.json b/2013/CVE-2013-0883.json new file mode 100644 index 0000000000..30af655522 --- /dev/null +++ b/2013/CVE-2013-0883.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892552, + "name": "CVE-2013-0883", + "full_name": "Live-Hack-CVE\/CVE-2013-0883", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0883", + "description": "Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:46Z", + "updated_at": "2022-12-28T06:43:46Z", + "pushed_at": "2022-12-28T06:43:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0884.json b/2013/CVE-2013-0884.json new file mode 100644 index 0000000000..fce978ebd2 --- /dev/null +++ b/2013/CVE-2013-0884.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891335, + "name": "CVE-2013-0884", + "full_name": "Live-Hack-CVE\/CVE-2013-0884", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0884", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:02Z", + "updated_at": "2022-12-28T06:39:02Z", + "pushed_at": "2022-12-28T06:39:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0885.json b/2013/CVE-2013-0885.json new file mode 100644 index 0000000000..12ee84a7db --- /dev/null +++ b/2013/CVE-2013-0885.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891314, + "name": "CVE-2013-0885", + "full_name": "Live-Hack-CVE\/CVE-2013-0885", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0885", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:58Z", + "updated_at": "2022-12-28T06:38:58Z", + "pushed_at": "2022-12-28T06:39:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0887.json b/2013/CVE-2013-0887.json new file mode 100644 index 0000000000..8cacfb19b6 --- /dev/null +++ b/2013/CVE-2013-0887.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891471, + "name": "CVE-2013-0887", + "full_name": "Live-Hack-CVE\/CVE-2013-0887", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0887", + "description": "The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:36Z", + "updated_at": "2022-12-28T06:39:36Z", + "pushed_at": "2022-12-28T06:39:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0888.json b/2013/CVE-2013-0888.json new file mode 100644 index 0000000000..5599d6d3ef --- /dev/null +++ b/2013/CVE-2013-0888.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892630, + "name": "CVE-2013-0888", + "full_name": "Live-Hack-CVE\/CVE-2013-0888", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0888", + "description": "Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a \"user gesture check for dangerous file downloads.\" CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:08Z", + "updated_at": "2022-12-28T06:44:08Z", + "pushed_at": "2022-12-28T06:44:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0889.json b/2013/CVE-2013-0889.json new file mode 100644 index 0000000000..0cbff57612 --- /dev/null +++ b/2013/CVE-2013-0889.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892603, + "name": "CVE-2013-0889", + "full_name": "Live-Hack-CVE\/CVE-2013-0889", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0889", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:59Z", + "updated_at": "2022-12-28T06:44:00Z", + "pushed_at": "2022-12-28T06:44:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0890.json b/2013/CVE-2013-0890.json new file mode 100644 index 0000000000..b2b9ce4290 --- /dev/null +++ b/2013/CVE-2013-0890.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892615, + "name": "CVE-2013-0890", + "full_name": "Live-Hack-CVE\/CVE-2013-0890", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0890", + "description": "Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:04Z", + "updated_at": "2022-12-28T06:44:04Z", + "pushed_at": "2022-12-28T06:44:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0891.json b/2013/CVE-2013-0891.json new file mode 100644 index 0000000000..37451d7117 --- /dev/null +++ b/2013/CVE-2013-0891.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891299, + "name": "CVE-2013-0891", + "full_name": "Live-Hack-CVE\/CVE-2013-0891", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0891", + "description": "Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:54Z", + "updated_at": "2022-12-28T06:38:54Z", + "pushed_at": "2022-12-28T06:38:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0892.json b/2013/CVE-2013-0892.json new file mode 100644 index 0000000000..45bb91df5f --- /dev/null +++ b/2013/CVE-2013-0892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891284, + "name": "CVE-2013-0892", + "full_name": "Live-Hack-CVE\/CVE-2013-0892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0892", + "description": "Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:50Z", + "updated_at": "2022-12-28T06:38:50Z", + "pushed_at": "2022-12-28T06:38:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0893.json b/2013/CVE-2013-0893.json new file mode 100644 index 0000000000..853842316e --- /dev/null +++ b/2013/CVE-2013-0893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891270, + "name": "CVE-2013-0893", + "full_name": "Live-Hack-CVE\/CVE-2013-0893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0893", + "description": "Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:47Z", + "updated_at": "2022-12-28T06:38:47Z", + "pushed_at": "2022-12-28T06:38:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0895.json b/2013/CVE-2013-0895.json new file mode 100644 index 0000000000..34802f7440 --- /dev/null +++ b/2013/CVE-2013-0895.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891252, + "name": "CVE-2013-0895", + "full_name": "Live-Hack-CVE\/CVE-2013-0895", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0895", + "description": "Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:43Z", + "updated_at": "2022-12-28T06:38:43Z", + "pushed_at": "2022-12-28T06:38:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0896.json b/2013/CVE-2013-0896.json new file mode 100644 index 0000000000..4576a68e8a --- /dev/null +++ b/2013/CVE-2013-0896.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891239, + "name": "CVE-2013-0896", + "full_name": "Live-Hack-CVE\/CVE-2013-0896", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0896", + "description": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:39Z", + "updated_at": "2022-12-28T06:38:39Z", + "pushed_at": "2022-12-28T06:38:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0897.json b/2013/CVE-2013-0897.json new file mode 100644 index 0000000000..be7c3eca5d --- /dev/null +++ b/2013/CVE-2013-0897.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891227, + "name": "CVE-2013-0897", + "full_name": "Live-Hack-CVE\/CVE-2013-0897", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0897", + "description": "Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:36Z", + "updated_at": "2022-12-28T06:38:36Z", + "pushed_at": "2022-12-28T06:38:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-0900.json b/2013/CVE-2013-0900.json new file mode 100644 index 0000000000..2333e0f53b --- /dev/null +++ b/2013/CVE-2013-0900.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891208, + "name": "CVE-2013-0900", + "full_name": "Live-Hack-CVE\/CVE-2013-0900", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-0900", + "description": "Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:32Z", + "updated_at": "2022-12-28T06:38:32Z", + "pushed_at": "2022-12-28T06:38:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-2091.json b/2013/CVE-2013-2091.json new file mode 100644 index 0000000000..bde216b737 --- /dev/null +++ b/2013/CVE-2013-2091.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911944, + "name": "CVE-2013-2091", + "full_name": "Live-Hack-CVE\/CVE-2013-2091", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-2091", + "description": "SQL injection vulnerability in Dolibarr ERP\/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:29Z", + "updated_at": "2022-12-28T08:01:29Z", + "pushed_at": "2022-12-28T08:01:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-2092.json b/2013/CVE-2013-2092.json new file mode 100644 index 0000000000..758cbbc789 --- /dev/null +++ b/2013/CVE-2013-2092.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911936, + "name": "CVE-2013-2092", + "full_name": "Live-Hack-CVE\/CVE-2013-2092", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-2092", + "description": "Cross-site Scripting (XSS) in Dolibarr ERP\/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:26Z", + "updated_at": "2022-12-28T08:01:26Z", + "pushed_at": "2022-12-28T08:01:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-2093.json b/2013/CVE-2013-2093.json new file mode 100644 index 0000000000..20b4f20648 --- /dev/null +++ b/2013/CVE-2013-2093.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912098, + "name": "CVE-2013-2093", + "full_name": "Live-Hack-CVE\/CVE-2013-2093", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-2093", + "description": "Dolibarr ERP\/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:08Z", + "updated_at": "2022-12-28T08:02:08Z", + "pushed_at": "2022-12-28T08:02:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-6641.json b/2013/CVE-2013-6641.json new file mode 100644 index 0000000000..a2db864fcc --- /dev/null +++ b/2013/CVE-2013-6641.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948797, + "name": "CVE-2013-6641", + "full_name": "Live-Hack-CVE\/CVE-2013-6641", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-6641", + "description": "Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core\/html\/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecifie CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:03Z", + "updated_at": "2022-12-28T10:16:03Z", + "pushed_at": "2022-12-28T10:16:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-6644.json b/2013/CVE-2013-6644.json new file mode 100644 index 0000000000..e9666f690a --- /dev/null +++ b/2013/CVE-2013-6644.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948775, + "name": "CVE-2013-6644", + "full_name": "Live-Hack-CVE\/CVE-2013-6644", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-6644", + "description": "Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:58Z", + "updated_at": "2022-12-28T10:15:58Z", + "pushed_at": "2022-12-28T10:16:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-6645.json b/2013/CVE-2013-6645.json new file mode 100644 index 0000000000..417d5911b0 --- /dev/null +++ b/2013/CVE-2013-6645.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948812, + "name": "CVE-2013-6645", + "full_name": "Live-Hack-CVE\/CVE-2013-6645", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-6645", + "description": "Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content\/browser\/web_contents\/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecif CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:07Z", + "updated_at": "2022-12-28T10:16:07Z", + "pushed_at": "2022-12-28T10:16:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2013/CVE-2013-6646.json b/2013/CVE-2013-6646.json new file mode 100644 index 0000000000..cdd3425ddf --- /dev/null +++ b/2013/CVE-2013-6646.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948911, + "name": "CVE-2013-6646", + "full_name": "Live-Hack-CVE\/CVE-2013-6646", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2013-6646", + "description": "Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:28Z", + "updated_at": "2022-12-28T10:16:28Z", + "pushed_at": "2022-12-28T10:16:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json index ea694f80c8..0b653d2cb4 100644 --- a/2014/CVE-2014-0160.json +++ b/2014/CVE-2014-0160.json @@ -1663,5 +1663,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582935751, + "name": "CVE-2014-0160", + "full_name": "Live-Hack-CVE\/CVE-2014-0160", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-0160", + "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:04Z", + "updated_at": "2022-12-28T09:30:04Z", + "pushed_at": "2022-12-28T09:30:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2014/CVE-2014-1705.json b/2014/CVE-2014-1705.json new file mode 100644 index 0000000000..d67a2fb89c --- /dev/null +++ b/2014/CVE-2014-1705.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957767, + "name": "CVE-2014-1705", + "full_name": "Live-Hack-CVE\/CVE-2014-1705", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1705", + "description": "Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:38Z", + "updated_at": "2022-12-28T10:48:38Z", + "pushed_at": "2022-12-28T10:48:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1713.json b/2014/CVE-2014-1713.json new file mode 100644 index 0000000000..71103ed267 --- /dev/null +++ b/2014/CVE-2014-1713.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957723, + "name": "CVE-2014-1713", + "full_name": "Live-Hack-CVE\/CVE-2014-1713", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1713", + "description": "Use-after-free vulnerability in the AttributeSetter function in bindings\/templates\/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:30Z", + "updated_at": "2022-12-28T10:48:30Z", + "pushed_at": "2022-12-28T10:48:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1714.json b/2014/CVE-2014-1714.json new file mode 100644 index 0000000000..0ee438179d --- /dev/null +++ b/2014/CVE-2014-1714.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957744, + "name": "CVE-2014-1714", + "full_name": "Live-Hack-CVE\/CVE-2014-1714", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1714", + "description": "The ScopedClipboardWriter::WritePickledData function in ui\/base\/clipboard\/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:34Z", + "updated_at": "2022-12-28T10:48:34Z", + "pushed_at": "2022-12-28T10:48:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1715.json b/2014/CVE-2014-1715.json new file mode 100644 index 0000000000..d6d4d76671 --- /dev/null +++ b/2014/CVE-2014-1715.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957700, + "name": "CVE-2014-1715", + "full_name": "Live-Hack-CVE\/CVE-2014-1715", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1715", + "description": "Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:26Z", + "updated_at": "2022-12-28T10:48:26Z", + "pushed_at": "2022-12-28T10:48:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1730.json b/2014/CVE-2014-1730.json new file mode 100644 index 0000000000..93e96b585d --- /dev/null +++ b/2014/CVE-2014-1730.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957608, + "name": "CVE-2014-1730", + "full_name": "Live-Hack-CVE\/CVE-2014-1730", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1730", + "description": "Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging \"type confusion\" and reading property values, related to i18n.js and r CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:07Z", + "updated_at": "2022-12-28T10:48:07Z", + "pushed_at": "2022-12-28T10:48:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1731.json b/2014/CVE-2014-1731.json new file mode 100644 index 0000000000..2d09b8bdb8 --- /dev/null +++ b/2014/CVE-2014-1731.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957627, + "name": "CVE-2014-1731", + "full_name": "Live-Hack-CVE\/CVE-2014-1731", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1731", + "description": "core\/html\/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified othe CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:11Z", + "updated_at": "2022-12-28T10:48:11Z", + "pushed_at": "2022-12-28T10:48:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1732.json b/2014/CVE-2014-1732.json new file mode 100644 index 0000000000..9d00b1e3ca --- /dev/null +++ b/2014/CVE-2014-1732.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949006, + "name": "CVE-2014-1732", + "full_name": "Live-Hack-CVE\/CVE-2014-1732", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1732", + "description": "Use-after-free vulnerability in browser\/ui\/views\/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence o CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:43Z", + "updated_at": "2022-12-28T10:16:43Z", + "pushed_at": "2022-12-28T10:16:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1733.json b/2014/CVE-2014-1733.json new file mode 100644 index 0000000000..d65a0601a3 --- /dev/null +++ b/2014/CVE-2014-1733.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949061, + "name": "CVE-2014-1733", + "full_name": "Live-Hack-CVE\/CVE-2014-1733", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1733", + "description": "The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:54Z", + "updated_at": "2022-12-28T10:17:14Z", + "pushed_at": "2022-12-28T10:16:56Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1734.json b/2014/CVE-2014-1734.json new file mode 100644 index 0000000000..5ead503361 --- /dev/null +++ b/2014/CVE-2014-1734.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957669, + "name": "CVE-2014-1734", + "full_name": "Live-Hack-CVE\/CVE-2014-1734", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1734", + "description": "Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:19Z", + "updated_at": "2022-12-28T10:48:19Z", + "pushed_at": "2022-12-28T10:48:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1735.json b/2014/CVE-2014-1735.json new file mode 100644 index 0000000000..6d12710d55 --- /dev/null +++ b/2014/CVE-2014-1735.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957855, + "name": "CVE-2014-1735", + "full_name": "Live-Hack-CVE\/CVE-2014-1735", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1735", + "description": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:59Z", + "updated_at": "2022-12-28T10:48:59Z", + "pushed_at": "2022-12-28T10:49:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-1736.json b/2014/CVE-2014-1736.json new file mode 100644 index 0000000000..210c421924 --- /dev/null +++ b/2014/CVE-2014-1736.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957681, + "name": "CVE-2014-1736", + "full_name": "Live-Hack-CVE\/CVE-2014-1736", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-1736", + "description": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:22Z", + "updated_at": "2022-12-28T10:48:22Z", + "pushed_at": "2022-12-28T10:48:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-3166.json b/2014/CVE-2014-3166.json new file mode 100644 index 0000000000..035a63ec42 --- /dev/null +++ b/2014/CVE-2014-3166.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957649, + "name": "CVE-2014-3166", + "full_name": "Live-Hack-CVE\/CVE-2014-3166", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-3166", + "description": "The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:15Z", + "updated_at": "2022-12-28T10:48:15Z", + "pushed_at": "2022-12-28T10:48:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-3991.json b/2014/CVE-2014-3991.json new file mode 100644 index 0000000000..7ac0c15741 --- /dev/null +++ b/2014/CVE-2014-3991.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911862, + "name": "CVE-2014-3991", + "full_name": "Live-Hack-CVE\/CVE-2014-3991", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-3991", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP\/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:07Z", + "updated_at": "2022-12-28T08:01:07Z", + "pushed_at": "2022-12-28T08:01:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-3992.json b/2014/CVE-2014-3992.json new file mode 100644 index 0000000000..5e65ed2438 --- /dev/null +++ b/2014/CVE-2014-3992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911919, + "name": "CVE-2014-3992", + "full_name": "Live-Hack-CVE\/CVE-2014-3992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-3992", + "description": "Multiple SQL injection vulnerabilities in Dolibarr ERP\/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user\/fiche.php or (2) sortorder parameter to user\/group\/index.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:21Z", + "updated_at": "2022-12-28T08:01:22Z", + "pushed_at": "2022-12-28T08:01:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-4717.json b/2014/CVE-2014-4717.json new file mode 100644 index 0000000000..ecc382d647 --- /dev/null +++ b/2014/CVE-2014-4717.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936729, + "name": "CVE-2014-4717", + "full_name": "Live-Hack-CVE\/CVE-2014-4717", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2014-4717", + "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-adm CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:29Z", + "updated_at": "2022-12-28T09:33:29Z", + "pushed_at": "2022-12-28T09:33:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-1019.json b/2016/CVE-2016-1019.json new file mode 100644 index 0000000000..344bc6114f --- /dev/null +++ b/2016/CVE-2016-1019.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948832, + "name": "CVE-2016-1019", + "full_name": "Live-Hack-CVE\/CVE-2016-1019", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-1019", + "description": "Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:11Z", + "updated_at": "2022-12-28T10:16:11Z", + "pushed_at": "2022-12-28T10:16:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-2031.json b/2016/CVE-2016-2031.json new file mode 100644 index 0000000000..f75a504312 --- /dev/null +++ b/2016/CVE-2016-2031.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959170, + "name": "CVE-2016-2031", + "full_name": "Live-Hack-CVE\/CVE-2016-2031", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-2031", + "description": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:53Z", + "updated_at": "2022-12-28T10:53:53Z", + "pushed_at": "2022-12-28T10:53:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4271.json b/2016/CVE-2016-4271.json new file mode 100644 index 0000000000..4f04172108 --- /dev/null +++ b/2016/CVE-2016-4271.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946103, + "name": "CVE-2016-4271", + "full_name": "Live-Hack-CVE\/CVE-2016-4271", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4271", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a \"local CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:50Z", + "updated_at": "2022-12-28T10:06:50Z", + "pushed_at": "2022-12-28T10:06:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4273.json b/2016/CVE-2016-4273.json new file mode 100644 index 0000000000..030b77b8e4 --- /dev/null +++ b/2016/CVE-2016-4273.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893011, + "name": "CVE-2016-4273", + "full_name": "Live-Hack-CVE\/CVE-2016-4273", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4273", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:29Z", + "updated_at": "2022-12-28T06:45:29Z", + "pushed_at": "2022-12-28T06:45:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4274.json b/2016/CVE-2016-4274.json new file mode 100644 index 0000000000..19d426d4e7 --- /dev/null +++ b/2016/CVE-2016-4274.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946083, + "name": "CVE-2016-4274", + "full_name": "Live-Hack-CVE\/CVE-2016-4274", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4274", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-428 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:46Z", + "updated_at": "2022-12-28T10:06:46Z", + "pushed_at": "2022-12-28T10:06:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4275.json b/2016/CVE-2016-4275.json new file mode 100644 index 0000000000..580862a7c0 --- /dev/null +++ b/2016/CVE-2016-4275.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946138, + "name": "CVE-2016-4275", + "full_name": "Live-Hack-CVE\/CVE-2016-4275", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4275", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-428 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:57Z", + "updated_at": "2022-12-28T10:06:57Z", + "pushed_at": "2022-12-28T10:06:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4276.json b/2016/CVE-2016-4276.json new file mode 100644 index 0000000000..15675f9e34 --- /dev/null +++ b/2016/CVE-2016-4276.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946126, + "name": "CVE-2016-4276", + "full_name": "Live-Hack-CVE\/CVE-2016-4276", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4276", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-428 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:53Z", + "updated_at": "2022-12-28T10:06:54Z", + "pushed_at": "2022-12-28T10:06:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4277.json b/2016/CVE-2016-4277.json new file mode 100644 index 0000000000..8fe77e6692 --- /dev/null +++ b/2016/CVE-2016-4277.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948554, + "name": "CVE-2016-4277", + "full_name": "Live-Hack-CVE\/CVE-2016-4277", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4277", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:06Z", + "updated_at": "2022-12-28T10:15:06Z", + "pushed_at": "2022-12-28T10:15:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4280.json b/2016/CVE-2016-4280.json new file mode 100644 index 0000000000..319a4669ad --- /dev/null +++ b/2016/CVE-2016-4280.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948627, + "name": "CVE-2016-4280", + "full_name": "Live-Hack-CVE\/CVE-2016-4280", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4280", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:22Z", + "updated_at": "2022-12-28T10:15:22Z", + "pushed_at": "2022-12-28T10:15:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4281.json b/2016/CVE-2016-4281.json new file mode 100644 index 0000000000..f0d70e5a9b --- /dev/null +++ b/2016/CVE-2016-4281.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948611, + "name": "CVE-2016-4281", + "full_name": "Live-Hack-CVE\/CVE-2016-4281", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4281", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:18Z", + "updated_at": "2022-12-28T10:15:18Z", + "pushed_at": "2022-12-28T10:15:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4282.json b/2016/CVE-2016-4282.json new file mode 100644 index 0000000000..d925a643da --- /dev/null +++ b/2016/CVE-2016-4282.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948595, + "name": "CVE-2016-4282", + "full_name": "Live-Hack-CVE\/CVE-2016-4282", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4282", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:15Z", + "updated_at": "2022-12-28T10:15:15Z", + "pushed_at": "2022-12-28T10:15:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4283.json b/2016/CVE-2016-4283.json new file mode 100644 index 0000000000..e4f41b44bd --- /dev/null +++ b/2016/CVE-2016-4283.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948753, + "name": "CVE-2016-4283", + "full_name": "Live-Hack-CVE\/CVE-2016-4283", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4283", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:54Z", + "updated_at": "2022-12-28T10:15:55Z", + "pushed_at": "2022-12-28T10:15:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4284.json b/2016/CVE-2016-4284.json new file mode 100644 index 0000000000..799ee617e6 --- /dev/null +++ b/2016/CVE-2016-4284.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948734, + "name": "CVE-2016-4284", + "full_name": "Live-Hack-CVE\/CVE-2016-4284", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4284", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:51Z", + "updated_at": "2022-12-28T10:15:51Z", + "pushed_at": "2022-12-28T10:15:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4285.json b/2016/CVE-2016-4285.json new file mode 100644 index 0000000000..25db1bcffc --- /dev/null +++ b/2016/CVE-2016-4285.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948721, + "name": "CVE-2016-4285", + "full_name": "Live-Hack-CVE\/CVE-2016-4285", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4285", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:47Z", + "updated_at": "2022-12-28T10:15:47Z", + "pushed_at": "2022-12-28T10:15:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-4287.json b/2016/CVE-2016-4287.json new file mode 100644 index 0000000000..ef791c2422 --- /dev/null +++ b/2016/CVE-2016-4287.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948576, + "name": "CVE-2016-4287", + "full_name": "Live-Hack-CVE\/CVE-2016-4287", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-4287", + "description": "Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:11Z", + "updated_at": "2022-12-28T10:15:11Z", + "pushed_at": "2022-12-28T10:15:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6922.json b/2016/CVE-2016-6922.json new file mode 100644 index 0000000000..fc5ab34870 --- /dev/null +++ b/2016/CVE-2016-6922.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946058, + "name": "CVE-2016-6922", + "full_name": "Live-Hack-CVE\/CVE-2016-6922", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6922", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:40Z", + "updated_at": "2022-12-28T10:06:40Z", + "pushed_at": "2022-12-28T10:06:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6924.json b/2016/CVE-2016-6924.json new file mode 100644 index 0000000000..775bcfab13 --- /dev/null +++ b/2016/CVE-2016-6924.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948545, + "name": "CVE-2016-6924", + "full_name": "Live-Hack-CVE\/CVE-2016-6924", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6924", + "description": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-427 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:15:02Z", + "updated_at": "2022-12-28T10:15:02Z", + "pushed_at": "2022-12-28T10:15:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6981.json b/2016/CVE-2016-6981.json new file mode 100644 index 0000000000..e9a73d283b --- /dev/null +++ b/2016/CVE-2016-6981.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893148, + "name": "CVE-2016-6981", + "full_name": "Live-Hack-CVE\/CVE-2016-6981", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6981", + "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:08Z", + "updated_at": "2022-12-28T06:46:08Z", + "pushed_at": "2022-12-28T06:46:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6982.json b/2016/CVE-2016-6982.json new file mode 100644 index 0000000000..17e1adf731 --- /dev/null +++ b/2016/CVE-2016-6982.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892972, + "name": "CVE-2016-6982", + "full_name": "Live-Hack-CVE\/CVE-2016-6982", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6982", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:22Z", + "updated_at": "2022-12-28T06:45:22Z", + "pushed_at": "2022-12-28T06:45:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6983.json b/2016/CVE-2016-6983.json new file mode 100644 index 0000000000..50c1becc37 --- /dev/null +++ b/2016/CVE-2016-6983.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892948, + "name": "CVE-2016-6983", + "full_name": "Live-Hack-CVE\/CVE-2016-6983", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6983", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:18Z", + "updated_at": "2022-12-28T06:45:19Z", + "pushed_at": "2022-12-28T06:45:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6984.json b/2016/CVE-2016-6984.json new file mode 100644 index 0000000000..b4115903ae --- /dev/null +++ b/2016/CVE-2016-6984.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892709, + "name": "CVE-2016-6984", + "full_name": "Live-Hack-CVE\/CVE-2016-6984", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6984", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:25Z", + "updated_at": "2022-12-28T06:44:25Z", + "pushed_at": "2022-12-28T06:44:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6985.json b/2016/CVE-2016-6985.json new file mode 100644 index 0000000000..398fe91f9a --- /dev/null +++ b/2016/CVE-2016-6985.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892662, + "name": "CVE-2016-6985", + "full_name": "Live-Hack-CVE\/CVE-2016-6985", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6985", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:15Z", + "updated_at": "2022-12-28T06:44:15Z", + "pushed_at": "2022-12-28T06:44:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6986.json b/2016/CVE-2016-6986.json new file mode 100644 index 0000000000..37f20505c0 --- /dev/null +++ b/2016/CVE-2016-6986.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892676, + "name": "CVE-2016-6986", + "full_name": "Live-Hack-CVE\/CVE-2016-6986", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6986", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:19Z", + "updated_at": "2022-12-28T06:44:19Z", + "pushed_at": "2022-12-28T06:44:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6987.json b/2016/CVE-2016-6987.json new file mode 100644 index 0000000000..7b0d865923 --- /dev/null +++ b/2016/CVE-2016-6987.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892640, + "name": "CVE-2016-6987", + "full_name": "Live-Hack-CVE\/CVE-2016-6987", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6987", + "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:11Z", + "updated_at": "2022-12-28T06:44:11Z", + "pushed_at": "2022-12-28T06:44:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6989.json b/2016/CVE-2016-6989.json new file mode 100644 index 0000000000..df695e2bd1 --- /dev/null +++ b/2016/CVE-2016-6989.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891195, + "name": "CVE-2016-6989", + "full_name": "Live-Hack-CVE\/CVE-2016-6989", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6989", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:29Z", + "updated_at": "2022-12-28T06:38:29Z", + "pushed_at": "2022-12-28T06:38:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6990.json b/2016/CVE-2016-6990.json new file mode 100644 index 0000000000..8d947bf94c --- /dev/null +++ b/2016/CVE-2016-6990.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892770, + "name": "CVE-2016-6990", + "full_name": "Live-Hack-CVE\/CVE-2016-6990", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6990", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-698 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:35Z", + "updated_at": "2022-12-28T06:44:35Z", + "pushed_at": "2022-12-28T06:44:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-6992.json b/2016/CVE-2016-6992.json new file mode 100644 index 0000000000..9801bef471 --- /dev/null +++ b/2016/CVE-2016-6992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892785, + "name": "CVE-2016-6992", + "full_name": "Live-Hack-CVE\/CVE-2016-6992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-6992", + "description": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\" CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:39Z", + "updated_at": "2022-12-28T06:44:39Z", + "pushed_at": "2022-12-28T06:44:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7867.json b/2016/CVE-2016-7867.json new file mode 100644 index 0000000000..2128f69798 --- /dev/null +++ b/2016/CVE-2016-7867.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913783, + "name": "CVE-2016-7867", + "full_name": "Live-Hack-CVE\/CVE-2016-7867", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7867", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow \/ underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:22Z", + "updated_at": "2022-12-28T08:08:22Z", + "pushed_at": "2022-12-28T08:08:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7868.json b/2016/CVE-2016-7868.json new file mode 100644 index 0000000000..873a79eb95 --- /dev/null +++ b/2016/CVE-2016-7868.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913794, + "name": "CVE-2016-7868", + "full_name": "Live-Hack-CVE\/CVE-2016-7868", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7868", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow \/ underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:26Z", + "updated_at": "2022-12-28T08:08:26Z", + "pushed_at": "2022-12-28T08:08:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7869.json b/2016/CVE-2016-7869.json new file mode 100644 index 0000000000..c692d36486 --- /dev/null +++ b/2016/CVE-2016-7869.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913813, + "name": "CVE-2016-7869", + "full_name": "Live-Hack-CVE\/CVE-2016-7869", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7869", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow \/ underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:29Z", + "updated_at": "2022-12-28T08:08:29Z", + "pushed_at": "2022-12-28T08:08:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7870.json b/2016/CVE-2016-7870.json new file mode 100644 index 0000000000..81fa790d75 --- /dev/null +++ b/2016/CVE-2016-7870.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913981, + "name": "CVE-2016-7870", + "full_name": "Live-Hack-CVE\/CVE-2016-7870", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7870", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow \/ underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:10Z", + "updated_at": "2022-12-28T08:09:10Z", + "pushed_at": "2022-12-28T08:09:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7871.json b/2016/CVE-2016-7871.json new file mode 100644 index 0000000000..140da5f67a --- /dev/null +++ b/2016/CVE-2016-7871.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913953, + "name": "CVE-2016-7871", + "full_name": "Live-Hack-CVE\/CVE-2016-7871", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7871", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:03Z", + "updated_at": "2022-12-28T08:09:03Z", + "pushed_at": "2022-12-28T08:09:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7872.json b/2016/CVE-2016-7872.json new file mode 100644 index 0000000000..14c213827d --- /dev/null +++ b/2016/CVE-2016-7872.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913968, + "name": "CVE-2016-7872", + "full_name": "Live-Hack-CVE\/CVE-2016-7872", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7872", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:07Z", + "updated_at": "2022-12-28T08:09:07Z", + "pushed_at": "2022-12-28T08:09:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7873.json b/2016/CVE-2016-7873.json new file mode 100644 index 0000000000..93ce062233 --- /dev/null +++ b/2016/CVE-2016-7873.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913999, + "name": "CVE-2016-7873", + "full_name": "Live-Hack-CVE\/CVE-2016-7873", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7873", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:14Z", + "updated_at": "2022-12-28T08:09:14Z", + "pushed_at": "2022-12-28T08:09:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7874.json b/2016/CVE-2016-7874.json new file mode 100644 index 0000000000..a4c3e8da17 --- /dev/null +++ b/2016/CVE-2016-7874.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914395, + "name": "CVE-2016-7874", + "full_name": "Live-Hack-CVE\/CVE-2016-7874", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7874", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:45Z", + "updated_at": "2022-12-28T08:10:45Z", + "pushed_at": "2022-12-28T08:10:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7875.json b/2016/CVE-2016-7875.json new file mode 100644 index 0000000000..f0d8acbc5c --- /dev/null +++ b/2016/CVE-2016-7875.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914382, + "name": "CVE-2016-7875", + "full_name": "Live-Hack-CVE\/CVE-2016-7875", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7875", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:41Z", + "updated_at": "2022-12-28T08:10:41Z", + "pushed_at": "2022-12-28T08:10:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7876.json b/2016/CVE-2016-7876.json new file mode 100644 index 0000000000..bc3b40147e --- /dev/null +++ b/2016/CVE-2016-7876.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914302, + "name": "CVE-2016-7876", + "full_name": "Live-Hack-CVE\/CVE-2016-7876", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7876", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:21Z", + "updated_at": "2022-12-28T08:10:21Z", + "pushed_at": "2022-12-28T08:10:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7877.json b/2016/CVE-2016-7877.json new file mode 100644 index 0000000000..075bbb578d --- /dev/null +++ b/2016/CVE-2016-7877.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914316, + "name": "CVE-2016-7877", + "full_name": "Live-Hack-CVE\/CVE-2016-7877", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7877", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:25Z", + "updated_at": "2022-12-28T08:10:25Z", + "pushed_at": "2022-12-28T08:10:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7878.json b/2016/CVE-2016-7878.json new file mode 100644 index 0000000000..fde49efebd --- /dev/null +++ b/2016/CVE-2016-7878.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914283, + "name": "CVE-2016-7878", + "full_name": "Live-Hack-CVE\/CVE-2016-7878", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7878", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:18Z", + "updated_at": "2022-12-28T08:10:18Z", + "pushed_at": "2022-12-28T08:10:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7879.json b/2016/CVE-2016-7879.json new file mode 100644 index 0000000000..c211927ae1 --- /dev/null +++ b/2016/CVE-2016-7879.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914273, + "name": "CVE-2016-7879", + "full_name": "Live-Hack-CVE\/CVE-2016-7879", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7879", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:14Z", + "updated_at": "2022-12-28T08:10:14Z", + "pushed_at": "2022-12-28T08:10:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7880.json b/2016/CVE-2016-7880.json new file mode 100644 index 0000000000..2371386b60 --- /dev/null +++ b/2016/CVE-2016-7880.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914254, + "name": "CVE-2016-7880", + "full_name": "Live-Hack-CVE\/CVE-2016-7880", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7880", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:11Z", + "updated_at": "2022-12-28T08:10:11Z", + "pushed_at": "2022-12-28T08:10:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7881.json b/2016/CVE-2016-7881.json new file mode 100644 index 0000000000..e4691584f6 --- /dev/null +++ b/2016/CVE-2016-7881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914215, + "name": "CVE-2016-7881", + "full_name": "Live-Hack-CVE\/CVE-2016-7881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7881", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:03Z", + "updated_at": "2022-12-28T08:10:03Z", + "pushed_at": "2022-12-28T08:10:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7890.json b/2016/CVE-2016-7890.json new file mode 100644 index 0000000000..9adf63eb28 --- /dev/null +++ b/2016/CVE-2016-7890.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914202, + "name": "CVE-2016-7890", + "full_name": "Live-Hack-CVE\/CVE-2016-7890", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7890", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:00Z", + "updated_at": "2022-12-28T08:10:00Z", + "pushed_at": "2022-12-28T08:10:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-7892.json b/2016/CVE-2016-7892.json new file mode 100644 index 0000000000..cc6f440f82 --- /dev/null +++ b/2016/CVE-2016-7892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914238, + "name": "CVE-2016-7892", + "full_name": "Live-Hack-CVE\/CVE-2016-7892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2016-7892", + "description": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:07Z", + "updated_at": "2022-12-28T08:10:07Z", + "pushed_at": "2022-12-28T08:10:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-1000509.json b/2017/CVE-2017-1000509.json new file mode 100644 index 0000000000..073c861c54 --- /dev/null +++ b/2017/CVE-2017-1000509.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912130, + "name": "CVE-2017-1000509", + "full_name": "Live-Hack-CVE\/CVE-2017-1000509", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-1000509", + "description": "Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:15Z", + "updated_at": "2022-12-28T08:02:15Z", + "pushed_at": "2022-12-28T08:02:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-11683.json b/2017/CVE-2017-11683.json new file mode 100644 index 0000000000..f302dfc672 --- /dev/null +++ b/2017/CVE-2017-11683.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957474, + "name": "CVE-2017-11683", + "full_name": "Live-Hack-CVE\/CVE-2017-11683", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-11683", + "description": "There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:39Z", + "updated_at": "2022-12-28T10:47:39Z", + "pushed_at": "2022-12-28T10:47:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-17897.json b/2017/CVE-2017-17897.json new file mode 100644 index 0000000000..9aca7adbcc --- /dev/null +++ b/2017/CVE-2017-17897.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911751, + "name": "CVE-2017-17897", + "full_name": "Live-Hack-CVE\/CVE-2017-17897", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-17897", + "description": "SQL injection vulnerability in comm\/multiprix.php in Dolibarr ERP\/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:42Z", + "updated_at": "2022-12-28T08:00:42Z", + "pushed_at": "2022-12-28T08:00:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-17898.json b/2017/CVE-2017-17898.json new file mode 100644 index 0000000000..d73106e1e6 --- /dev/null +++ b/2017/CVE-2017-17898.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903981, + "name": "CVE-2017-17898", + "full_name": "Live-Hack-CVE\/CVE-2017-17898", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-17898", + "description": "Dolibarr ERP\/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:30:03Z", + "updated_at": "2022-12-28T07:30:03Z", + "pushed_at": "2022-12-28T07:30:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-17899.json b/2017/CVE-2017-17899.json new file mode 100644 index 0000000000..9749a2d9df --- /dev/null +++ b/2017/CVE-2017-17899.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911783, + "name": "CVE-2017-17899", + "full_name": "Live-Hack-CVE\/CVE-2017-17899", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-17899", + "description": "SQL injection vulnerability in adherents\/subscription\/info.php in Dolibarr ERP\/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:49Z", + "updated_at": "2022-12-28T08:00:49Z", + "pushed_at": "2022-12-28T08:00:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-17900.json b/2017/CVE-2017-17900.json new file mode 100644 index 0000000000..6ea2e873e1 --- /dev/null +++ b/2017/CVE-2017-17900.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911770, + "name": "CVE-2017-17900", + "full_name": "Live-Hack-CVE\/CVE-2017-17900", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-17900", + "description": "SQL injection vulnerability in fourn\/index.php in Dolibarr ERP\/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:45Z", + "updated_at": "2022-12-28T08:00:45Z", + "pushed_at": "2022-12-28T08:00:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-17971.json b/2017/CVE-2017-17971.json new file mode 100644 index 0000000000..377b74c579 --- /dev/null +++ b/2017/CVE-2017-17971.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911823, + "name": "CVE-2017-17971", + "full_name": "Live-Hack-CVE\/CVE-2017-17971", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-17971", + "description": "The test_sql_and_script_inject function in htdocs\/main.inc.php in Dolibarr ERP\/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:56Z", + "updated_at": "2022-12-28T08:00:56Z", + "pushed_at": "2022-12-28T08:00:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-18926.json b/2017/CVE-2017-18926.json new file mode 100644 index 0000000000..83a1c9b733 --- /dev/null +++ b/2017/CVE-2017-18926.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924798, + "name": "CVE-2017-18926", + "full_name": "Live-Hack-CVE\/CVE-2017-18926", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-18926", + "description": "raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:39Z", + "updated_at": "2022-12-28T08:50:39Z", + "pushed_at": "2022-12-28T08:50:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2926.json b/2017/CVE-2017-2926.json new file mode 100644 index 0000000000..f5a12f5bae --- /dev/null +++ b/2017/CVE-2017-2926.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914160, + "name": "CVE-2017-2926", + "full_name": "Live-Hack-CVE\/CVE-2017-2926", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2926", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:49Z", + "updated_at": "2022-12-28T08:09:49Z", + "pushed_at": "2022-12-28T08:09:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2928.json b/2017/CVE-2017-2928.json new file mode 100644 index 0000000000..785e9a5bea --- /dev/null +++ b/2017/CVE-2017-2928.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903254, + "name": "CVE-2017-2928", + "full_name": "Live-Hack-CVE\/CVE-2017-2928", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2928", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:10Z", + "updated_at": "2022-12-28T07:27:10Z", + "pushed_at": "2022-12-28T07:27:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2930.json b/2017/CVE-2017-2930.json new file mode 100644 index 0000000000..f3a145584e --- /dev/null +++ b/2017/CVE-2017-2930.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903216, + "name": "CVE-2017-2930", + "full_name": "Live-Hack-CVE\/CVE-2017-2930", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2930", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:59Z", + "updated_at": "2022-12-28T07:26:59Z", + "pushed_at": "2022-12-28T07:27:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2931.json b/2017/CVE-2017-2931.json new file mode 100644 index 0000000000..4bd108f949 --- /dev/null +++ b/2017/CVE-2017-2931.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903234, + "name": "CVE-2017-2931", + "full_name": "Live-Hack-CVE\/CVE-2017-2931", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2931", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:06Z", + "updated_at": "2022-12-28T07:27:06Z", + "pushed_at": "2022-12-28T07:27:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2932.json b/2017/CVE-2017-2932.json new file mode 100644 index 0000000000..0ef84ebae6 --- /dev/null +++ b/2017/CVE-2017-2932.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914030, + "name": "CVE-2017-2932", + "full_name": "Live-Hack-CVE\/CVE-2017-2932", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2932", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:22Z", + "updated_at": "2022-12-28T08:09:22Z", + "pushed_at": "2022-12-28T08:09:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2933.json b/2017/CVE-2017-2933.json new file mode 100644 index 0000000000..aa3516b66b --- /dev/null +++ b/2017/CVE-2017-2933.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914042, + "name": "CVE-2017-2933", + "full_name": "Live-Hack-CVE\/CVE-2017-2933", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2933", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:25Z", + "updated_at": "2022-12-28T08:09:26Z", + "pushed_at": "2022-12-28T08:09:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2934.json b/2017/CVE-2017-2934.json new file mode 100644 index 0000000000..e87b4daf87 --- /dev/null +++ b/2017/CVE-2017-2934.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914058, + "name": "CVE-2017-2934", + "full_name": "Live-Hack-CVE\/CVE-2017-2934", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2934", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:29Z", + "updated_at": "2022-12-28T08:09:29Z", + "pushed_at": "2022-12-28T08:09:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2935.json b/2017/CVE-2017-2935.json new file mode 100644 index 0000000000..707e15c5a7 --- /dev/null +++ b/2017/CVE-2017-2935.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914018, + "name": "CVE-2017-2935", + "full_name": "Live-Hack-CVE\/CVE-2017-2935", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2935", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:19Z", + "updated_at": "2022-12-28T08:09:19Z", + "pushed_at": "2022-12-28T08:09:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2936.json b/2017/CVE-2017-2936.json new file mode 100644 index 0000000000..74979d0192 --- /dev/null +++ b/2017/CVE-2017-2936.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914076, + "name": "CVE-2017-2936", + "full_name": "Live-Hack-CVE\/CVE-2017-2936", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2936", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:32Z", + "updated_at": "2022-12-28T08:09:32Z", + "pushed_at": "2022-12-28T08:09:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2937.json b/2017/CVE-2017-2937.json new file mode 100644 index 0000000000..067445526d --- /dev/null +++ b/2017/CVE-2017-2937.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914142, + "name": "CVE-2017-2937", + "full_name": "Live-Hack-CVE\/CVE-2017-2937", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2937", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:46Z", + "updated_at": "2022-12-28T08:09:46Z", + "pushed_at": "2022-12-28T08:09:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2938.json b/2017/CVE-2017-2938.json new file mode 100644 index 0000000000..fc4fa10b74 --- /dev/null +++ b/2017/CVE-2017-2938.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903226, + "name": "CVE-2017-2938", + "full_name": "Live-Hack-CVE\/CVE-2017-2938", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2938", + "description": "Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:03Z", + "updated_at": "2022-12-28T07:27:03Z", + "pushed_at": "2022-12-28T07:27:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2982.json b/2017/CVE-2017-2982.json new file mode 100644 index 0000000000..c37f22087f --- /dev/null +++ b/2017/CVE-2017-2982.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903124, + "name": "CVE-2017-2982", + "full_name": "Live-Hack-CVE\/CVE-2017-2982", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2982", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:35Z", + "updated_at": "2022-12-28T07:26:35Z", + "pushed_at": "2022-12-28T07:26:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2984.json b/2017/CVE-2017-2984.json new file mode 100644 index 0000000000..0db302057c --- /dev/null +++ b/2017/CVE-2017-2984.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903114, + "name": "CVE-2017-2984", + "full_name": "Live-Hack-CVE\/CVE-2017-2984", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2984", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:31Z", + "updated_at": "2022-12-28T07:26:31Z", + "pushed_at": "2022-12-28T07:26:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2985.json b/2017/CVE-2017-2985.json new file mode 100644 index 0000000000..cd5309431c --- /dev/null +++ b/2017/CVE-2017-2985.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903089, + "name": "CVE-2017-2985", + "full_name": "Live-Hack-CVE\/CVE-2017-2985", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2985", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:24Z", + "updated_at": "2022-12-28T07:26:24Z", + "pushed_at": "2022-12-28T07:26:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2986.json b/2017/CVE-2017-2986.json new file mode 100644 index 0000000000..faf56cc065 --- /dev/null +++ b/2017/CVE-2017-2986.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903102, + "name": "CVE-2017-2986", + "full_name": "Live-Hack-CVE\/CVE-2017-2986", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2986", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:28Z", + "updated_at": "2022-12-28T07:26:28Z", + "pushed_at": "2022-12-28T07:26:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2987.json b/2017/CVE-2017-2987.json new file mode 100644 index 0000000000..82254f993e --- /dev/null +++ b/2017/CVE-2017-2987.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902756, + "name": "CVE-2017-2987", + "full_name": "Live-Hack-CVE\/CVE-2017-2987", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2987", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:07Z", + "updated_at": "2022-12-28T07:25:07Z", + "pushed_at": "2022-12-28T07:25:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2988.json b/2017/CVE-2017-2988.json new file mode 100644 index 0000000000..2a599ae544 --- /dev/null +++ b/2017/CVE-2017-2988.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902735, + "name": "CVE-2017-2988", + "full_name": "Live-Hack-CVE\/CVE-2017-2988", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2988", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:03Z", + "updated_at": "2022-12-28T07:25:04Z", + "pushed_at": "2022-12-28T07:25:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2990.json b/2017/CVE-2017-2990.json new file mode 100644 index 0000000000..fa451acc79 --- /dev/null +++ b/2017/CVE-2017-2990.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902723, + "name": "CVE-2017-2990", + "full_name": "Live-Hack-CVE\/CVE-2017-2990", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2990", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:00Z", + "updated_at": "2022-12-28T07:25:00Z", + "pushed_at": "2022-12-28T07:25:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2991.json b/2017/CVE-2017-2991.json new file mode 100644 index 0000000000..21248775fa --- /dev/null +++ b/2017/CVE-2017-2991.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902705, + "name": "CVE-2017-2991", + "full_name": "Live-Hack-CVE\/CVE-2017-2991", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2991", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:57Z", + "updated_at": "2022-12-28T07:24:57Z", + "pushed_at": "2022-12-28T07:24:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2992.json b/2017/CVE-2017-2992.json new file mode 100644 index 0000000000..d7e5f9bfa8 --- /dev/null +++ b/2017/CVE-2017-2992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903204, + "name": "CVE-2017-2992", + "full_name": "Live-Hack-CVE\/CVE-2017-2992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2992", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:55Z", + "updated_at": "2022-12-28T07:26:55Z", + "pushed_at": "2022-12-28T07:26:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2993.json b/2017/CVE-2017-2993.json new file mode 100644 index 0000000000..c668a258dd --- /dev/null +++ b/2017/CVE-2017-2993.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903184, + "name": "CVE-2017-2993", + "full_name": "Live-Hack-CVE\/CVE-2017-2993", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2993", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:48Z", + "updated_at": "2022-12-28T07:26:48Z", + "pushed_at": "2022-12-28T07:26:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2994.json b/2017/CVE-2017-2994.json new file mode 100644 index 0000000000..51727dc7ac --- /dev/null +++ b/2017/CVE-2017-2994.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903168, + "name": "CVE-2017-2994", + "full_name": "Live-Hack-CVE\/CVE-2017-2994", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2994", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:45Z", + "updated_at": "2022-12-28T07:26:45Z", + "pushed_at": "2022-12-28T07:26:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2995.json b/2017/CVE-2017-2995.json new file mode 100644 index 0000000000..61a2cfef3f --- /dev/null +++ b/2017/CVE-2017-2995.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903196, + "name": "CVE-2017-2995", + "full_name": "Live-Hack-CVE\/CVE-2017-2995", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2995", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:52Z", + "updated_at": "2022-12-28T07:26:52Z", + "pushed_at": "2022-12-28T07:26:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-2996.json b/2017/CVE-2017-2996.json new file mode 100644 index 0000000000..cfc670a5fe --- /dev/null +++ b/2017/CVE-2017-2996.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903140, + "name": "CVE-2017-2996", + "full_name": "Live-Hack-CVE\/CVE-2017-2996", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-2996", + "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:38Z", + "updated_at": "2022-12-28T07:26:38Z", + "pushed_at": "2022-12-28T07:26:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-3085.json b/2017/CVE-2017-3085.json new file mode 100644 index 0000000000..034f001a13 --- /dev/null +++ b/2017/CVE-2017-3085.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914192, + "name": "CVE-2017-3085", + "full_name": "Live-Hack-CVE\/CVE-2017-3085", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-3085", + "description": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:56Z", + "updated_at": "2022-12-28T08:09:56Z", + "pushed_at": "2022-12-28T08:09:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-3106.json b/2017/CVE-2017-3106.json new file mode 100644 index 0000000000..973e20a893 --- /dev/null +++ b/2017/CVE-2017-3106.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914177, + "name": "CVE-2017-3106", + "full_name": "Live-Hack-CVE\/CVE-2017-3106", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-3106", + "description": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:09:53Z", + "updated_at": "2022-12-28T08:09:53Z", + "pushed_at": "2022-12-28T08:09:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-7886.json b/2017/CVE-2017-7886.json new file mode 100644 index 0000000000..06305a16af --- /dev/null +++ b/2017/CVE-2017-7886.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903746, + "name": "CVE-2017-7886", + "full_name": "Live-Hack-CVE\/CVE-2017-7886", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-7886", + "description": "Dolibarr ERP\/CRM 4.0.4 has SQL Injection in doli\/theme\/eldy\/style.css.php via the lang parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:07Z", + "updated_at": "2022-12-28T07:29:07Z", + "pushed_at": "2022-12-28T07:29:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-7887.json b/2017/CVE-2017-7887.json new file mode 100644 index 0000000000..8f466cae16 --- /dev/null +++ b/2017/CVE-2017-7887.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903693, + "name": "CVE-2017-7887", + "full_name": "Live-Hack-CVE\/CVE-2017-7887", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-7887", + "description": "Dolibarr ERP\/CRM 4.0.4 has XSS in doli\/societe\/list.php via the sall parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:56Z", + "updated_at": "2022-12-28T07:28:56Z", + "pushed_at": "2022-12-28T07:28:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-7888.json b/2017/CVE-2017-7888.json new file mode 100644 index 0000000000..5237551f26 --- /dev/null +++ b/2017/CVE-2017-7888.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903786, + "name": "CVE-2017-7888", + "full_name": "Live-Hack-CVE\/CVE-2017-7888", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-7888", + "description": "Dolibarr ERP\/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:17Z", + "updated_at": "2022-12-28T07:29:17Z", + "pushed_at": "2022-12-28T07:29:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-8879.json b/2017/CVE-2017-8879.json new file mode 100644 index 0000000000..9eafd442da --- /dev/null +++ b/2017/CVE-2017-8879.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903633, + "name": "CVE-2017-8879", + "full_name": "Live-Hack-CVE\/CVE-2017-8879", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2017-8879", + "description": "Dolibarr ERP\/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:40Z", + "updated_at": "2022-12-28T07:28:40Z", + "pushed_at": "2022-12-28T07:28:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12207.json b/2018/CVE-2018-12207.json new file mode 100644 index 0000000000..211693822c --- /dev/null +++ b/2018/CVE-2018-12207.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947810, + "name": "CVE-2018-12207", + "full_name": "Live-Hack-CVE\/CVE-2018-12207", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-12207", + "description": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:29Z", + "updated_at": "2022-12-28T10:12:29Z", + "pushed_at": "2022-12-28T10:12:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-13447.json b/2018/CVE-2018-13447.json new file mode 100644 index 0000000000..398141d27a --- /dev/null +++ b/2018/CVE-2018-13447.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911671, + "name": "CVE-2018-13447", + "full_name": "Live-Hack-CVE\/CVE-2018-13447", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-13447", + "description": "SQL injection vulnerability in product\/card.php in Dolibarr ERP\/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:28Z", + "updated_at": "2022-12-28T08:00:28Z", + "pushed_at": "2022-12-28T08:00:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19950.json b/2018/CVE-2018-19950.json new file mode 100644 index 0000000000..57f9d483c1 --- /dev/null +++ b/2018/CVE-2018-19950.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925398, + "name": "CVE-2018-19950", + "full_name": "Live-Hack-CVE\/CVE-2018-19950", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19950", + "description": "If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:44Z", + "updated_at": "2022-12-28T08:52:44Z", + "pushed_at": "2022-12-28T08:52:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19951.json b/2018/CVE-2018-19951.json new file mode 100644 index 0000000000..855aa1b1aa --- /dev/null +++ b/2018/CVE-2018-19951.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925039, + "name": "CVE-2018-19951", + "full_name": "Live-Hack-CVE\/CVE-2018-19951", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19951", + "description": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:30Z", + "updated_at": "2022-12-28T08:51:30Z", + "pushed_at": "2022-12-28T08:51:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19954.json b/2018/CVE-2018-19954.json new file mode 100644 index 0000000000..64f8acc40e --- /dev/null +++ b/2018/CVE-2018-19954.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924872, + "name": "CVE-2018-19954", + "full_name": "Live-Hack-CVE\/CVE-2018-19954", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19954", + "description": "The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:54Z", + "updated_at": "2022-12-28T08:50:54Z", + "pushed_at": "2022-12-28T08:50:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19955.json b/2018/CVE-2018-19955.json new file mode 100644 index 0000000000..d0a6c68f04 --- /dev/null +++ b/2018/CVE-2018-19955.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924844, + "name": "CVE-2018-19955", + "full_name": "Live-Hack-CVE\/CVE-2018-19955", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19955", + "description": "The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:49Z", + "updated_at": "2022-12-28T08:50:49Z", + "pushed_at": "2022-12-28T08:50:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19956.json b/2018/CVE-2018-19956.json new file mode 100644 index 0000000000..be24ccbe0b --- /dev/null +++ b/2018/CVE-2018-19956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924820, + "name": "CVE-2018-19956", + "full_name": "Live-Hack-CVE\/CVE-2018-19956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19956", + "description": "The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:46Z", + "updated_at": "2022-12-28T08:50:46Z", + "pushed_at": "2022-12-28T08:50:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19992.json b/2018/CVE-2018-19992.json new file mode 100644 index 0000000000..7c770ddd80 --- /dev/null +++ b/2018/CVE-2018-19992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903656, + "name": "CVE-2018-19992", + "full_name": "Live-Hack-CVE\/CVE-2018-19992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19992", + "description": "A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the \"address\" (POST) or \"town\" (POST) parameter to adherents\/type.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:46Z", + "updated_at": "2022-12-28T07:28:46Z", + "pushed_at": "2022-12-28T07:28:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19993.json b/2018/CVE-2018-19993.json new file mode 100644 index 0000000000..5f0404a67b --- /dev/null +++ b/2018/CVE-2018-19993.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903727, + "name": "CVE-2018-19993", + "full_name": "Live-Hack-CVE\/CVE-2018-19993", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19993", + "description": "A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public\/notice.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:03Z", + "updated_at": "2022-12-28T07:29:04Z", + "pushed_at": "2022-12-28T07:29:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19994.json b/2018/CVE-2018-19994.json new file mode 100644 index 0000000000..2a18c653db --- /dev/null +++ b/2018/CVE-2018-19994.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903805, + "name": "CVE-2018-19994", + "full_name": "Live-Hack-CVE\/CVE-2018-19994", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19994", + "description": "An error-based SQL injection vulnerability in product\/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:21Z", + "updated_at": "2022-12-28T07:29:21Z", + "pushed_at": "2022-12-28T07:29:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19995.json b/2018/CVE-2018-19995.json new file mode 100644 index 0000000000..3d14a4d3ae --- /dev/null +++ b/2018/CVE-2018-19995.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903918, + "name": "CVE-2018-19995", + "full_name": "Live-Hack-CVE\/CVE-2018-19995", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19995", + "description": "A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the \"address\" (POST) or \"town\" (POST) parameter to user\/card.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:50Z", + "updated_at": "2022-12-28T07:29:50Z", + "pushed_at": "2022-12-28T07:29:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19998.json b/2018/CVE-2018-19998.json new file mode 100644 index 0000000000..e85edcffbd --- /dev/null +++ b/2018/CVE-2018-19998.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903931, + "name": "CVE-2018-19998", + "full_name": "Live-Hack-CVE\/CVE-2018-19998", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-19998", + "description": "SQL injection vulnerability in user\/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:53Z", + "updated_at": "2022-12-28T07:29:53Z", + "pushed_at": "2022-12-28T07:29:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-20432.json b/2018/CVE-2018-20432.json new file mode 100644 index 0000000000..e0273b7010 --- /dev/null +++ b/2018/CVE-2018-20432.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933855, + "name": "CVE-2018-20432", + "full_name": "Live-Hack-CVE\/CVE-2018-20432", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-20432", + "description": "D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:45Z", + "updated_at": "2022-12-28T09:23:45Z", + "pushed_at": "2022-12-28T09:23:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-3282.json b/2018/CVE-2018-3282.json new file mode 100644 index 0000000000..b53fb0c8d5 --- /dev/null +++ b/2018/CVE-2018-3282.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980988, + "name": "CVE-2018-3282", + "full_name": "Live-Hack-CVE\/CVE-2018-3282", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-3282", + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:07Z", + "updated_at": "2022-12-28T12:13:07Z", + "pushed_at": "2022-12-28T12:13:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4919.json b/2018/CVE-2018-4919.json new file mode 100644 index 0000000000..a1d3e245d5 --- /dev/null +++ b/2018/CVE-2018-4919.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893134, + "name": "CVE-2018-4919", + "full_name": "Live-Hack-CVE\/CVE-2018-4919", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4919", + "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:04Z", + "updated_at": "2022-12-28T06:46:04Z", + "pushed_at": "2022-12-28T06:46:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4920.json b/2018/CVE-2018-4920.json new file mode 100644 index 0000000000..369e2c2181 --- /dev/null +++ b/2018/CVE-2018-4920.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893121, + "name": "CVE-2018-4920", + "full_name": "Live-Hack-CVE\/CVE-2018-4920", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4920", + "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:00Z", + "updated_at": "2022-12-28T06:46:00Z", + "pushed_at": "2022-12-28T06:46:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4934.json b/2018/CVE-2018-4934.json new file mode 100644 index 0000000000..022b6690cf --- /dev/null +++ b/2018/CVE-2018-4934.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892727, + "name": "CVE-2018-4934", + "full_name": "Live-Hack-CVE\/CVE-2018-4934", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4934", + "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:28Z", + "updated_at": "2022-12-28T06:44:28Z", + "pushed_at": "2022-12-28T06:44:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4935.json b/2018/CVE-2018-4935.json new file mode 100644 index 0000000000..30de5a25c8 --- /dev/null +++ b/2018/CVE-2018-4935.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892847, + "name": "CVE-2018-4935", + "full_name": "Live-Hack-CVE\/CVE-2018-4935", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4935", + "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:54Z", + "updated_at": "2022-12-28T06:44:54Z", + "pushed_at": "2022-12-28T06:44:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4936.json b/2018/CVE-2018-4936.json new file mode 100644 index 0000000000..a168c9d857 --- /dev/null +++ b/2018/CVE-2018-4936.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892839, + "name": "CVE-2018-4936", + "full_name": "Live-Hack-CVE\/CVE-2018-4936", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4936", + "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:51Z", + "updated_at": "2022-12-28T06:44:51Z", + "pushed_at": "2022-12-28T06:44:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4937.json b/2018/CVE-2018-4937.json new file mode 100644 index 0000000000..ad21234376 --- /dev/null +++ b/2018/CVE-2018-4937.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892827, + "name": "CVE-2018-4937", + "full_name": "Live-Hack-CVE\/CVE-2018-4937", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-4937", + "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:47Z", + "updated_at": "2022-12-28T06:44:47Z", + "pushed_at": "2022-12-28T06:44:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-6891.json b/2018/CVE-2018-6891.json new file mode 100644 index 0000000000..b01904e27d --- /dev/null +++ b/2018/CVE-2018-6891.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947480, + "name": "CVE-2018-6891", + "full_name": "Live-Hack-CVE\/CVE-2018-6891", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2018-6891", + "description": "Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:21Z", + "updated_at": "2022-12-28T10:11:21Z", + "pushed_at": "2022-12-28T10:11:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9995.json b/2018/CVE-2018-9995.json index 46b1f31564..593dffb3e5 100644 --- a/2018/CVE-2018-9995.json +++ b/2018/CVE-2018-9995.json @@ -13,10 +13,10 @@ "description": "(CVE-2018-9995) Get DVR Credentials", "fork": false, "created_at": "2018-04-29T20:00:06Z", - "updated_at": "2022-12-16T23:04:15Z", + "updated_at": "2022-12-28T07:43:36Z", "pushed_at": "2019-01-23T14:27:21Z", - "stargazers_count": 481, - "watchers_count": 481, + "stargazers_count": 482, + "watchers_count": 482, "has_discussions": false, "forks_count": 196, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 196, - "watchers": 481, + "watchers": 482, "score": 0 }, { diff --git a/2019/CVE-2019-0232.json b/2019/CVE-2019-0232.json index 3e9345239b..f5cf2fb2d2 100644 --- a/2019/CVE-2019-0232.json +++ b/2019/CVE-2019-0232.json @@ -86,35 +86,6 @@ "watchers": 4, "score": 0 }, - { - "id": 223192188, - "name": "CVE-2019-0232", - "full_name": "setrus\/CVE-2019-0232", - "owner": { - "login": "setrus", - "id": 34648357, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34648357?v=4", - "html_url": "https:\/\/github.com\/setrus" - }, - "html_url": "https:\/\/github.com\/setrus\/CVE-2019-0232", - "description": "CVE-2019-0232-Remote Code Execution on Apache Tomcat 7.0.42", - "fork": false, - "created_at": "2019-11-21T14:25:39Z", - "updated_at": "2022-10-22T07:08:06Z", - "pushed_at": "2019-11-21T15:03:15Z", - "stargazers_count": 15, - "watchers_count": 15, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 15, - "score": 0 - }, { "id": 340726659, "name": "Windows-exploitation-Apache-Tomcat-8.5.19-CVE-2019-0232-", diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index a26493b4aa..8be6bee892 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -2283,64 +2283,6 @@ "watchers": 4, "score": 0 }, - { - "id": 198343084, - "name": "bluekeep", - "full_name": "0xeb-bp\/bluekeep", - "owner": { - "login": "0xeb-bp", - "id": 53204152, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/53204152?v=4", - "html_url": "https:\/\/github.com\/0xeb-bp" - }, - "html_url": "https:\/\/github.com\/0xeb-bp\/bluekeep", - "description": "Public work for CVE-2019-0708", - "fork": false, - "created_at": "2019-07-23T03:15:53Z", - "updated_at": "2022-08-26T13:16:46Z", - "pushed_at": "2019-11-19T02:43:38Z", - "stargazers_count": 292, - "watchers_count": 292, - "has_discussions": false, - "forks_count": 95, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 95, - "watchers": 292, - "score": 0 - }, - { - "id": 203477227, - "name": "CVE-2019-0708-test", - "full_name": "fade-vivida\/CVE-2019-0708-test", - "owner": { - "login": "fade-vivida", - "id": 38774342, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38774342?v=4", - "html_url": "https:\/\/github.com\/fade-vivida" - }, - "html_url": "https:\/\/github.com\/fade-vivida\/CVE-2019-0708-test", - "description": null, - "fork": false, - "created_at": "2019-08-21T00:48:55Z", - "updated_at": "2021-12-05T21:34:43Z", - "pushed_at": "2019-11-28T01:38:56Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 4, - "score": 0 - }, { "id": 211942417, "name": "ispy", @@ -2399,35 +2341,6 @@ "watchers": 0, "score": 0 }, - { - "id": 223320391, - "name": "-2-CVE-2019-0708", - "full_name": "ulisesrc\/-2-CVE-2019-0708", - "owner": { - "login": "ulisesrc", - "id": 3741400, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3741400?v=4", - "html_url": "https:\/\/github.com\/ulisesrc" - }, - "html_url": "https:\/\/github.com\/ulisesrc\/-2-CVE-2019-0708", - "description": null, - "fork": false, - "created_at": "2019-11-22T04:00:49Z", - "updated_at": "2021-12-05T21:34:43Z", - "pushed_at": "2019-11-22T04:01:03Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 2, - "score": 0 - }, { "id": 226491441, "name": "CVE-2019-0708", diff --git a/2019/CVE-2019-0845.json b/2019/CVE-2019-0845.json new file mode 100644 index 0000000000..207f54ce2a --- /dev/null +++ b/2019/CVE-2019-0845.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936484, + "name": "CVE-2019-0845", + "full_name": "Live-Hack-CVE\/CVE-2019-0845", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-0845", + "description": "A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:32Z", + "updated_at": "2022-12-28T09:32:32Z", + "pushed_at": "2022-12-28T09:32:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1010016.json b/2019/CVE-2019-1010016.json new file mode 100644 index 0000000000..550f7d32ad --- /dev/null +++ b/2019/CVE-2019-1010016.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912082, + "name": "CVE-2019-1010016", + "full_name": "Live-Hack-CVE\/CVE-2019-1010016", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-1010016", + "description": "Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs\/product\/stats\/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:04Z", + "updated_at": "2022-12-28T08:02:04Z", + "pushed_at": "2022-12-28T08:02:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1010054.json b/2019/CVE-2019-1010054.json index f36331f1c5..6140faa2bd 100644 --- a/2019/CVE-2019-1010054.json +++ b/2019/CVE-2019-1010054.json @@ -27,5 +27,34 @@ "forks": 1, "watchers": 2, "score": 0 + }, + { + "id": 582911958, + "name": "CVE-2019-1010054", + "full_name": "Live-Hack-CVE\/CVE-2019-1010054", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-1010054", + "description": "Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:33Z", + "updated_at": "2022-12-28T08:01:33Z", + "pushed_at": "2022-12-28T08:01:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-11043.json b/2019/CVE-2019-11043.json index f6386bdfed..7702b2fa33 100644 --- a/2019/CVE-2019-11043.json +++ b/2019/CVE-2019-11043.json @@ -57,35 +57,6 @@ "watchers": 4, "score": 0 }, - { - "id": 222200768, - "name": "CVE-2019-11043_env", - "full_name": "moniik\/CVE-2019-11043_env", - "owner": { - "login": "moniik", - "id": 40794673, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40794673?v=4", - "html_url": "https:\/\/github.com\/moniik" - }, - "html_url": "https:\/\/github.com\/moniik\/CVE-2019-11043_env", - "description": "remote debug environment for CLion", - "fork": false, - "created_at": "2019-11-17T05:16:02Z", - "updated_at": "2020-09-09T02:32:52Z", - "pushed_at": "2019-11-17T05:19:03Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - }, { "id": 261416297, "name": "CVE-2019-11043", diff --git a/2019/CVE-2019-11089.json b/2019/CVE-2019-11089.json new file mode 100644 index 0000000000..be0071654f --- /dev/null +++ b/2019/CVE-2019-11089.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959999, + "name": "CVE-2019-11089", + "full_name": "Live-Hack-CVE\/CVE-2019-11089", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11089", + "description": "Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:47Z", + "updated_at": "2022-12-28T10:56:47Z", + "pushed_at": "2022-12-28T10:56:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11111.json b/2019/CVE-2019-11111.json new file mode 100644 index 0000000000..a5f3b1939c --- /dev/null +++ b/2019/CVE-2019-11111.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960026, + "name": "CVE-2019-11111", + "full_name": "Live-Hack-CVE\/CVE-2019-11111", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11111", + "description": "Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:51Z", + "updated_at": "2022-12-28T10:56:51Z", + "pushed_at": "2022-12-28T10:56:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11113.json b/2019/CVE-2019-11113.json new file mode 100644 index 0000000000..c3f3ab729e --- /dev/null +++ b/2019/CVE-2019-11113.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960045, + "name": "CVE-2019-11113", + "full_name": "Live-Hack-CVE\/CVE-2019-11113", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11113", + "description": "Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:54Z", + "updated_at": "2022-12-28T10:56:54Z", + "pushed_at": "2022-12-28T10:56:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11139.json b/2019/CVE-2019-11139.json new file mode 100644 index 0000000000..0e3c3e7f2a --- /dev/null +++ b/2019/CVE-2019-11139.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947793, + "name": "CVE-2019-11139", + "full_name": "Live-Hack-CVE\/CVE-2019-11139", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11139", + "description": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:25Z", + "updated_at": "2022-12-28T10:12:25Z", + "pushed_at": "2022-12-28T10:12:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11556.json b/2019/CVE-2019-11556.json new file mode 100644 index 0000000000..27f3bb225b --- /dev/null +++ b/2019/CVE-2019-11556.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933918, + "name": "CVE-2019-11556", + "full_name": "Live-Hack-CVE\/CVE-2019-11556", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11556", + "description": "Pagure before 5.6 allows XSS via the templates\/blame.html blame view. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:02Z", + "updated_at": "2022-12-28T09:24:02Z", + "pushed_at": "2022-12-28T09:24:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11823.json b/2019/CVE-2019-11823.json new file mode 100644 index 0000000000..67e12d1385 --- /dev/null +++ b/2019/CVE-2019-11823.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935100, + "name": "CVE-2019-11823", + "full_name": "Live-Hack-CVE\/CVE-2019-11823", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-11823", + "description": "CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:56Z", + "updated_at": "2022-12-28T09:27:56Z", + "pushed_at": "2022-12-28T09:27:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-11931.json b/2019/CVE-2019-11931.json deleted file mode 100644 index 99e50d8ea4..0000000000 --- a/2019/CVE-2019-11931.json +++ /dev/null @@ -1,60 +0,0 @@ -[ - { - "id": 222086842, - "name": "whatsapp-rce-patched", - "full_name": "kasif-dekel\/whatsapp-rce-patched", - "owner": { - "login": "kasif-dekel", - "id": 5827021, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5827021?v=4", - "html_url": "https:\/\/github.com\/kasif-dekel" - }, - "html_url": "https:\/\/github.com\/kasif-dekel\/whatsapp-rce-patched", - "description": "cve-2019-11931", - "fork": false, - "created_at": "2019-11-16T11:06:52Z", - "updated_at": "2022-11-14T07:15:48Z", - "pushed_at": "2019-11-16T11:15:06Z", - "stargazers_count": 35, - "watchers_count": 35, - "has_discussions": false, - "forks_count": 16, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 16, - "watchers": 35, - "score": 0 - }, - { - "id": 223598650, - "name": "CVE-2019-11931", - "full_name": "nop-team\/CVE-2019-11931", - "owner": { - "login": "nop-team", - "id": 58111818, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/58111818?v=4", - "html_url": "https:\/\/github.com\/nop-team" - }, - "html_url": "https:\/\/github.com\/nop-team\/CVE-2019-11931", - "description": null, - "fork": false, - "created_at": "2019-11-23T14:06:13Z", - "updated_at": "2021-12-05T22:06:24Z", - "pushed_at": "2019-11-23T14:06:15Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-11932.json b/2019/CVE-2019-11932.json index ac796837ba..2ae5205468 100644 --- a/2019/CVE-2019-11932.json +++ b/2019/CVE-2019-11932.json @@ -28,35 +28,6 @@ "watchers": 258, "score": 0 }, - { - "id": 212837105, - "name": "CVE-2019-11932", - "full_name": "awakened1712\/CVE-2019-11932", - "owner": { - "login": "awakened1712", - "id": 628212, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/628212?v=4", - "html_url": "https:\/\/github.com\/awakened1712" - }, - "html_url": "https:\/\/github.com\/awakened1712\/CVE-2019-11932", - "description": "Simple POC for exploiting WhatsApp double-free bug in DDGifSlurp in decoding.c in libpl_droidsonroids_gif", - "fork": false, - "created_at": "2019-10-04T14:43:57Z", - "updated_at": "2022-12-21T14:31:46Z", - "pushed_at": "2019-11-30T10:28:01Z", - "stargazers_count": 187, - "watchers_count": 187, - "has_discussions": false, - "forks_count": 106, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 106, - "watchers": 187, - "score": 0 - }, { "id": 215635890, "name": "CVE-2019-11932", @@ -158,12 +129,12 @@ "description": "Whatsapp Automatic Payload Generator [CVE-2019-11932]", "fork": false, "created_at": "2020-04-22T21:11:27Z", - "updated_at": "2022-12-21T21:26:23Z", + "updated_at": "2022-12-28T08:29:33Z", "pushed_at": "2022-01-02T20:40:58Z", - "stargazers_count": 19, - "watchers_count": 19, + "stargazers_count": 20, + "watchers_count": 20, "has_discussions": false, - "forks_count": 7, + "forks_count": 8, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -179,8 +150,8 @@ "whatsapp-chat" ], "visibility": "public", - "forks": 7, - "watchers": 19, + "forks": 8, + "watchers": 20, "score": 0 }, { diff --git a/2019/CVE-2019-12255.json b/2019/CVE-2019-12255.json deleted file mode 100644 index ed64e60a91..0000000000 --- a/2019/CVE-2019-12255.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 221308311, - "name": "Urgent11-Suricata-LUA-scripts", - "full_name": "sud0woodo\/Urgent11-Suricata-LUA-scripts", - "owner": { - "login": "sud0woodo", - "id": 40278342, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40278342?v=4", - "html_url": "https:\/\/github.com\/sud0woodo" - }, - "html_url": "https:\/\/github.com\/sud0woodo\/Urgent11-Suricata-LUA-scripts", - "description": "Suricata LUA scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260", - "fork": false, - "created_at": "2019-11-12T20:43:46Z", - "updated_at": "2022-10-19T20:23:31Z", - "pushed_at": "2019-11-28T20:16:35Z", - "stargazers_count": 19, - "watchers_count": 19, - "has_discussions": false, - "forks_count": 5, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 5, - "watchers": 19, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-12272.json b/2019/CVE-2019-12272.json deleted file mode 100644 index 63f9afa855..0000000000 --- a/2019/CVE-2019-12272.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 226418974, - "name": "lede-17.01.3", - "full_name": "roguedream\/lede-17.01.3", - "owner": { - "login": "roguedream", - "id": 15247135, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/15247135?v=4", - "html_url": "https:\/\/github.com\/roguedream" - }, - "html_url": "https:\/\/github.com\/roguedream\/lede-17.01.3", - "description": "Version-contains-cve-2019-12272", - "fork": false, - "created_at": "2019-12-06T22:04:24Z", - "updated_at": "2021-12-05T22:09:42Z", - "pushed_at": "2019-12-06T22:18:38Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-12409.json b/2019/CVE-2019-12409.json deleted file mode 100644 index 3215114368..0000000000 --- a/2019/CVE-2019-12409.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 222651199, - "name": "CVE-2019-12409", - "full_name": "jas502n\/CVE-2019-12409", - "owner": { - "login": "jas502n", - "id": 16593068, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", - "html_url": "https:\/\/github.com\/jas502n" - }, - "html_url": "https:\/\/github.com\/jas502n\/CVE-2019-12409", - "description": "Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS=\"true\")", - "fork": false, - "created_at": "2019-11-19T08:53:56Z", - "updated_at": "2022-11-09T18:05:18Z", - "pushed_at": "2019-11-19T09:18:00Z", - "stargazers_count": 100, - "watchers_count": 100, - "has_discussions": false, - "forks_count": 36, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 36, - "watchers": 100, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-12890.json b/2019/CVE-2019-12890.json deleted file mode 100644 index 6abdb480e2..0000000000 --- a/2019/CVE-2019-12890.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 221921802, - "name": "CVE-2019-12890_RedxploitHQ", - "full_name": "EthicalHCOP\/CVE-2019-12890_RedxploitHQ", - "owner": { - "login": "EthicalHCOP", - "id": 33833733, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33833733?v=4", - "html_url": "https:\/\/github.com\/EthicalHCOP" - }, - "html_url": "https:\/\/github.com\/EthicalHCOP\/CVE-2019-12890_RedxploitHQ", - "description": "Use RedxploitHQ to create a new Admin user into redwoodhq and get all the functions on the framework", - "fork": false, - "created_at": "2019-11-15T12:41:19Z", - "updated_at": "2021-12-05T22:13:52Z", - "pushed_at": "2019-11-15T13:02:47Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-1388.json b/2019/CVE-2019-1388.json index 5cc2ac146b..aca4dec91b 100644 --- a/2019/CVE-2019-1388.json +++ b/2019/CVE-2019-1388.json @@ -1,62 +1,4 @@ [ - { - "id": 223103877, - "name": "CVE-2019-1388", - "full_name": "jas502n\/CVE-2019-1388", - "owner": { - "login": "jas502n", - "id": 16593068, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", - "html_url": "https:\/\/github.com\/jas502n" - }, - "html_url": "https:\/\/github.com\/jas502n\/CVE-2019-1388", - "description": "CVE-2019-1388 UAC提权 (nt authority\\system)", - "fork": false, - "created_at": "2019-11-21T06:26:27Z", - "updated_at": "2022-12-23T19:03:38Z", - "pushed_at": "2019-11-21T09:27:59Z", - "stargazers_count": 164, - "watchers_count": 164, - "has_discussions": false, - "forks_count": 51, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 51, - "watchers": 164, - "score": 0 - }, - { - "id": 223127146, - "name": "CVE-2019-1388", - "full_name": "jaychouzzk\/CVE-2019-1388", - "owner": { - "login": "jaychouzzk", - "id": 45549315, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45549315?v=4", - "html_url": "https:\/\/github.com\/jaychouzzk" - }, - "html_url": "https:\/\/github.com\/jaychouzzk\/CVE-2019-1388", - "description": null, - "fork": false, - "created_at": "2019-11-21T08:38:38Z", - "updated_at": "2020-09-06T01:30:25Z", - "pushed_at": "2019-11-21T08:41:23Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 1, - "score": 0 - }, { "id": 224330054, "name": "CVE-2019-1388", diff --git a/2019/CVE-2019-1402.json b/2019/CVE-2019-1402.json deleted file mode 100644 index 4ad5287249..0000000000 --- a/2019/CVE-2019-1402.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 221768702, - "name": "CorruptQueryAccessWorkaround", - "full_name": "lauxjpn\/CorruptQueryAccessWorkaround", - "owner": { - "login": "lauxjpn", - "id": 14178357, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14178357?v=4", - "html_url": "https:\/\/github.com\/lauxjpn" - }, - "html_url": "https:\/\/github.com\/lauxjpn\/CorruptQueryAccessWorkaround", - "description": "The latest workaround for the \"Query is corrupt\" error introduced with CVE-2019-1402", - "fork": false, - "created_at": "2019-11-14T19:11:27Z", - "updated_at": "2021-12-05T22:16:37Z", - "pushed_at": "2019-12-10T18:51:25Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 4, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-1405.json b/2019/CVE-2019-1405.json deleted file mode 100644 index 39f3b71e13..0000000000 --- a/2019/CVE-2019-1405.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 221504958, - "name": "COMahawk", - "full_name": "apt69\/COMahawk", - "owner": { - "login": "apt69", - "id": 55776655, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/55776655?v=4", - "html_url": "https:\/\/github.com\/apt69" - }, - "html_url": "https:\/\/github.com\/apt69\/COMahawk", - "description": "Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322", - "fork": false, - "created_at": "2019-11-13T16:34:03Z", - "updated_at": "2022-12-27T13:59:16Z", - "pushed_at": "2019-11-14T14:16:54Z", - "stargazers_count": 312, - "watchers_count": 312, - "has_discussions": false, - "forks_count": 76, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 76, - "watchers": 312, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-1422.json b/2019/CVE-2019-1422.json deleted file mode 100644 index 995434830b..0000000000 --- a/2019/CVE-2019-1422.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 224766189, - "name": "cve-2019-1422", - "full_name": "ze0r\/cve-2019-1422", - "owner": { - "login": "ze0r", - "id": 43227253, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43227253?v=4", - "html_url": "https:\/\/github.com\/ze0r" - }, - "html_url": "https:\/\/github.com\/ze0r\/cve-2019-1422", - "description": null, - "fork": false, - "created_at": "2019-11-29T02:58:32Z", - "updated_at": "2022-11-15T17:43:33Z", - "pushed_at": "2019-11-29T07:26:27Z", - "stargazers_count": 15, - "watchers_count": 15, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 15, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-14287.json b/2019/CVE-2019-14287.json index 3943513255..30a30ef959 100644 --- a/2019/CVE-2019-14287.json +++ b/2019/CVE-2019-14287.json @@ -124,35 +124,6 @@ "watchers": 9, "score": 0 }, - { - "id": 258967892, - "name": "sudo-vulnerability-CVE-2019-14287", - "full_name": "axax002\/sudo-vulnerability-CVE-2019-14287", - "owner": { - "login": "axax002", - "id": 55937601, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/55937601?v=4", - "html_url": "https:\/\/github.com\/axax002" - }, - "html_url": "https:\/\/github.com\/axax002\/sudo-vulnerability-CVE-2019-14287", - "description": "Sudo Vulnerability CVE-2019-14287", - "fork": false, - "created_at": "2020-04-26T07:29:44Z", - "updated_at": "2021-04-14T16:06:10Z", - "pushed_at": "2019-12-04T07:25:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 263100309, "name": "Exploit-CVE-2019-14287", diff --git a/2019/CVE-2019-14574.json b/2019/CVE-2019-14574.json new file mode 100644 index 0000000000..4431a12f05 --- /dev/null +++ b/2019/CVE-2019-14574.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960064, + "name": "CVE-2019-14574", + "full_name": "Live-Hack-CVE\/CVE-2019-14574", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-14574", + "description": "Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:57Z", + "updated_at": "2022-12-28T10:56:58Z", + "pushed_at": "2022-12-28T10:56:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-14590.json b/2019/CVE-2019-14590.json new file mode 100644 index 0000000000..8b37c6cb93 --- /dev/null +++ b/2019/CVE-2019-14590.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960083, + "name": "CVE-2019-14590", + "full_name": "Live-Hack-CVE\/CVE-2019-14590", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-14590", + "description": "Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:01Z", + "updated_at": "2022-12-28T10:57:01Z", + "pushed_at": "2022-12-28T10:57:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-14591.json b/2019/CVE-2019-14591.json new file mode 100644 index 0000000000..5d311d3821 --- /dev/null +++ b/2019/CVE-2019-14591.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960100, + "name": "CVE-2019-14591", + "full_name": "Live-Hack-CVE\/CVE-2019-14591", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-14591", + "description": "Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:04Z", + "updated_at": "2022-12-28T10:57:05Z", + "pushed_at": "2022-12-28T10:57:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1476.json b/2019/CVE-2019-1476.json deleted file mode 100644 index df649c770a..0000000000 --- a/2019/CVE-2019-1476.json +++ /dev/null @@ -1,37 +0,0 @@ -[ - { - "id": 226188349, - "name": "CVE-2019-1476", - "full_name": "sgabe\/CVE-2019-1476", - "owner": { - "login": "sgabe", - "id": 5206619, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5206619?v=4", - "html_url": "https:\/\/github.com\/sgabe" - }, - "html_url": "https:\/\/github.com\/sgabe\/CVE-2019-1476", - "description": "AppXSvc Arbitrary File Overwrite DoS", - "fork": false, - "created_at": "2019-12-05T21:00:16Z", - "updated_at": "2022-07-22T10:51:55Z", - "pushed_at": "2019-12-10T18:12:43Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "dos-attack", - "exploit", - "proof-of-concept", - "vulnerability", - "windows10" - ], - "visibility": "public", - "forks": 1, - "watchers": 5, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-14907.json b/2019/CVE-2019-14907.json new file mode 100644 index 0000000000..bc85234a85 --- /dev/null +++ b/2019/CVE-2019-14907.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935224, + "name": "CVE-2019-14907", + "full_name": "Live-Hack-CVE\/CVE-2019-14907", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-14907", + "description": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:18Z", + "updated_at": "2022-12-28T09:28:18Z", + "pushed_at": "2022-12-28T09:28:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15062.json b/2019/CVE-2019-15062.json new file mode 100644 index 0000000000..ff227e60e8 --- /dev/null +++ b/2019/CVE-2019-15062.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911801, + "name": "CVE-2019-15062", + "full_name": "Live-Hack-CVE\/CVE-2019-15062", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-15062", + "description": "An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user\/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, beca CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:52Z", + "updated_at": "2022-12-28T08:00:52Z", + "pushed_at": "2022-12-28T08:00:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15120.json b/2019/CVE-2019-15120.json deleted file mode 100644 index a8ba2be149..0000000000 --- a/2019/CVE-2019-15120.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 210601259, - "name": "CVE-2019-15120", - "full_name": "h3llraiser\/CVE-2019-15120", - "owner": { - "login": "h3llraiser", - "id": 52741391, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52741391?v=4", - "html_url": "https:\/\/github.com\/h3llraiser" - }, - "html_url": "https:\/\/github.com\/h3llraiser\/CVE-2019-15120", - "description": "Exploit for XSS via BBCode on Kunena extension before 5.1.14 for Joomla!", - "fork": false, - "created_at": "2019-09-24T12:47:09Z", - "updated_at": "2022-11-24T11:10:57Z", - "pushed_at": "2019-11-16T17:11:28Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-152.json b/2019/CVE-2019-152.json new file mode 100644 index 0000000000..901e36554c --- /dev/null +++ b/2019/CVE-2019-152.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893205, + "name": "CVE-2021-46837", + "full_name": "Live-Hack-CVE\/CVE-2021-46837", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-46837", + "description": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-152 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:22Z", + "updated_at": "2022-12-28T06:46:22Z", + "pushed_at": "2022-12-28T06:46:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15505.json b/2019/CVE-2019-15505.json new file mode 100644 index 0000000000..9591e43c87 --- /dev/null +++ b/2019/CVE-2019-15505.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933937, + "name": "CVE-2019-15505", + "full_name": "Live-Hack-CVE\/CVE-2019-15505", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-15505", + "description": "drivers\/media\/usb\/dvb-usb\/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:06Z", + "updated_at": "2022-12-28T09:24:06Z", + "pushed_at": "2022-12-28T09:24:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15511.json b/2019/CVE-2019-15511.json deleted file mode 100644 index 9b6eb8739e..0000000000 --- a/2019/CVE-2019-15511.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 203594549, - "name": "CVE-2019-15511", - "full_name": "adenkiewicz\/CVE-2019-15511", - "owner": { - "login": "adenkiewicz", - "id": 1060275, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1060275?v=4", - "html_url": "https:\/\/github.com\/adenkiewicz" - }, - "html_url": "https:\/\/github.com\/adenkiewicz\/CVE-2019-15511", - "description": "GOG Galaxy Exploit for CVE-2019-15511", - "fork": false, - "created_at": "2019-08-21T13:52:13Z", - "updated_at": "2022-11-24T11:10:49Z", - "pushed_at": "2019-11-15T14:50:47Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-15604.json b/2019/CVE-2019-15604.json new file mode 100644 index 0000000000..9233474592 --- /dev/null +++ b/2019/CVE-2019-15604.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935280, + "name": "CVE-2019-15604", + "full_name": "Live-Hack-CVE\/CVE-2019-15604", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-15604", + "description": "Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:29Z", + "updated_at": "2022-12-28T09:28:29Z", + "pushed_at": "2022-12-28T09:28:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15605.json b/2019/CVE-2019-15605.json index cfbf4c4793..56719474b1 100644 --- a/2019/CVE-2019-15605.json +++ b/2019/CVE-2019-15605.json @@ -27,5 +27,34 @@ "forks": 1, "watchers": 0, "score": 0 + }, + { + "id": 582935440, + "name": "CVE-2019-15605", + "full_name": "Live-Hack-CVE\/CVE-2019-15605", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-15605", + "description": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:00Z", + "updated_at": "2022-12-28T09:29:00Z", + "pushed_at": "2022-12-28T09:29:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-15691.json b/2019/CVE-2019-15691.json new file mode 100644 index 0000000000..3f9a7201bf --- /dev/null +++ b/2019/CVE-2019-15691.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968939, + "name": "CVE-2019-15691", + "full_name": "Live-Hack-CVE\/CVE-2019-15691", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-15691", + "description": "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:00Z", + "updated_at": "2022-12-28T11:30:00Z", + "pushed_at": "2022-12-28T11:30:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15972.json b/2019/CVE-2019-15972.json deleted file mode 100644 index 780d4a9a21..0000000000 --- a/2019/CVE-2019-15972.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 222742364, - "name": "Cisco-UCM-SQLi-Scripts", - "full_name": "FSecureLABS\/Cisco-UCM-SQLi-Scripts", - "owner": { - "login": "FSecureLABS", - "id": 1469843, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1469843?v=4", - "html_url": "https:\/\/github.com\/FSecureLABS" - }, - "html_url": "https:\/\/github.com\/FSecureLABS\/Cisco-UCM-SQLi-Scripts", - "description": "Scripts that can be used to exploit CVE-2019-15972 which was an Authenticated SQLi issue in Cisco Unified Call Manager (UCM).", - "fork": false, - "created_at": "2019-11-19T16:38:39Z", - "updated_at": "2022-04-12T11:44:06Z", - "pushed_at": "2019-11-20T15:05:54Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 7, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 7, - "watchers": 7, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-16097.json b/2019/CVE-2019-16097.json deleted file mode 100644 index 51c0bbd537..0000000000 --- a/2019/CVE-2019-16097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 221669111, - "name": "CVE-2019-16097", - "full_name": "luckybool1020\/CVE-2019-16097", - "owner": { - "login": "luckybool1020", - "id": 16422202, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16422202?v=4", - "html_url": "https:\/\/github.com\/luckybool1020" - }, - "html_url": "https:\/\/github.com\/luckybool1020\/CVE-2019-16097", - "description": "Harbor 未授权创建管理员漏洞原理 docker及poc[基于pocsuite框架]", - "fork": false, - "created_at": "2019-11-14T10:19:47Z", - "updated_at": "2022-11-24T11:11:09Z", - "pushed_at": "2019-11-14T10:22:23Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-16197.json b/2019/CVE-2019-16197.json new file mode 100644 index 0000000000..ff18abceec --- /dev/null +++ b/2019/CVE-2019-16197.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911701, + "name": "CVE-2019-16197", + "full_name": "Live-Hack-CVE\/CVE-2019-16197", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-16197", + "description": "In htdocs\/societe\/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:35Z", + "updated_at": "2022-12-28T08:00:35Z", + "pushed_at": "2022-12-28T08:00:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-16278.json b/2019/CVE-2019-16278.json index ec0d86637b..076301d2c2 100644 --- a/2019/CVE-2019-16278.json +++ b/2019/CVE-2019-16278.json @@ -28,64 +28,6 @@ "watchers": 3, "score": 0 }, - { - "id": 223463242, - "name": "CVE-2019-16278", - "full_name": "AnubisSec\/CVE-2019-16278", - "owner": { - "login": "AnubisSec", - "id": 38790814, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38790814?v=4", - "html_url": "https:\/\/github.com\/AnubisSec" - }, - "html_url": "https:\/\/github.com\/AnubisSec\/CVE-2019-16278", - "description": "A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on. ", - "fork": false, - "created_at": "2019-11-22T18:35:14Z", - "updated_at": "2022-11-09T18:05:19Z", - "pushed_at": "2019-11-22T18:57:29Z", - "stargazers_count": 6, - "watchers_count": 6, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 6, - "score": 0 - }, - { - "id": 224208624, - "name": "CVE-2019-16278-Nostromo_1.9.6-RCE", - "full_name": "theRealFr13nd\/CVE-2019-16278-Nostromo_1.9.6-RCE", - "owner": { - "login": "theRealFr13nd", - "id": 36172640, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/36172640?v=4", - "html_url": "https:\/\/github.com\/theRealFr13nd" - }, - "html_url": "https:\/\/github.com\/theRealFr13nd\/CVE-2019-16278-Nostromo_1.9.6-RCE", - "description": "Python script to exploit RCE in Nostromo nhttpd <= 1.9.6.", - "fork": false, - "created_at": "2019-11-26T14:15:44Z", - "updated_at": "2022-03-05T13:09:13Z", - "pushed_at": "2019-11-26T14:26:03Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 7, - "score": 0 - }, { "id": 231114950, "name": "cve-2019-16278", diff --git a/2019/CVE-2019-16685.json b/2019/CVE-2019-16685.json new file mode 100644 index 0000000000..4e9fedb629 --- /dev/null +++ b/2019/CVE-2019-16685.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903964, + "name": "CVE-2019-16685", + "full_name": "Live-Hack-CVE\/CVE-2019-16685", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-16685", + "description": "Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the \"Create\/modify other users, groups and permissions\" privilege can inject script and can also achieve privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:30:00Z", + "updated_at": "2022-12-28T07:30:00Z", + "pushed_at": "2022-12-28T07:30:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-16686.json b/2019/CVE-2019-16686.json new file mode 100644 index 0000000000..6dfda62101 --- /dev/null +++ b/2019/CVE-2019-16686.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903997, + "name": "CVE-2019-16686", + "full_name": "Live-Hack-CVE\/CVE-2019-16686", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-16686", + "description": "Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:30:07Z", + "updated_at": "2022-12-28T07:30:07Z", + "pushed_at": "2022-12-28T07:30:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-16687.json b/2019/CVE-2019-16687.json new file mode 100644 index 0000000000..9fde91e560 --- /dev/null +++ b/2019/CVE-2019-16687.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911596, + "name": "CVE-2019-16687", + "full_name": "Live-Hack-CVE\/CVE-2019-16687", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-16687", + "description": "Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the \"Create\/modify other users, groups and permissions\" privilege can inject script and can also achieve privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:12Z", + "updated_at": "2022-12-28T08:00:12Z", + "pushed_at": "2022-12-28T08:00:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-16688.json b/2019/CVE-2019-16688.json new file mode 100644 index 0000000000..b8e9510422 --- /dev/null +++ b/2019/CVE-2019-16688.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903945, + "name": "CVE-2019-16688", + "full_name": "Live-Hack-CVE\/CVE-2019-16688", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-16688", + "description": "Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:56Z", + "updated_at": "2022-12-28T07:29:57Z", + "pushed_at": "2022-12-28T07:29:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-17026.json b/2019/CVE-2019-17026.json index 0da7498b96..25fb8d5cad 100644 --- a/2019/CVE-2019-17026.json +++ b/2019/CVE-2019-17026.json @@ -56,5 +56,34 @@ "forks": 1, "watchers": 3, "score": 0 + }, + { + "id": 582935425, + "name": "CVE-2019-17026", + "full_name": "Live-Hack-CVE\/CVE-2019-17026", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-17026", + "description": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:56Z", + "updated_at": "2022-12-28T09:28:56Z", + "pushed_at": "2022-12-28T09:28:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-17223.json b/2019/CVE-2019-17223.json new file mode 100644 index 0000000000..57434d0914 --- /dev/null +++ b/2019/CVE-2019-17223.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903622, + "name": "CVE-2019-17223", + "full_name": "Live-Hack-CVE\/CVE-2019-17223", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-17223", + "description": "There is HTML Injection in the Note field in Dolibarr ERP\/CRM 10.0.2 via user\/note.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:36Z", + "updated_at": "2022-12-28T07:28:36Z", + "pushed_at": "2022-12-28T07:28:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-17424.json b/2019/CVE-2019-17424.json deleted file mode 100644 index bf2811796a..0000000000 --- a/2019/CVE-2019-17424.json +++ /dev/null @@ -1,37 +0,0 @@ -[ - { - "id": 216429041, - "name": "CVE-2019-17424", - "full_name": "guywhataguy\/CVE-2019-17424", - "owner": { - "login": "guywhataguy", - "id": 33753158, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33753158?v=4", - "html_url": "https:\/\/github.com\/guywhataguy" - }, - "html_url": "https:\/\/github.com\/guywhataguy\/CVE-2019-17424", - "description": "RCE Exploit For CVE-2019-17424 (nipper-ng 0.11.10)", - "fork": false, - "created_at": "2019-10-20T21:20:28Z", - "updated_at": "2020-04-20T05:07:36Z", - "pushed_at": "2019-11-16T09:47:12Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "exploit", - "rce", - "stackoverflow", - "vulnerability" - ], - "visibility": "public", - "forks": 1, - "watchers": 4, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-17576.json b/2019/CVE-2019-17576.json new file mode 100644 index 0000000000..3e0e3745ea --- /dev/null +++ b/2019/CVE-2019-17576.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903684, + "name": "CVE-2019-17576", + "full_name": "Live-Hack-CVE\/CVE-2019-17576", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-17576", + "description": "An issue was discovered in Dolibarr 10.0.2. It has XSS via the \"outgoing email setup\" feature in the \/admin\/mails.php?action=edit URI via the \"Send all emails to (instead of real recipients, for test purposes)\" field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:53Z", + "updated_at": "2022-12-28T07:28:53Z", + "pushed_at": "2022-12-28T07:28:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-17577.json b/2019/CVE-2019-17577.json new file mode 100644 index 0000000000..6fe21c7354 --- /dev/null +++ b/2019/CVE-2019-17577.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903643, + "name": "CVE-2019-17577", + "full_name": "Live-Hack-CVE\/CVE-2019-17577", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-17577", + "description": "An issue was discovered in Dolibarr 10.0.2. It has XSS via the \"outgoing email setup\" feature in the admin\/mails.php?action=edit URI via the \"Email used for error returns emails (fields 'Errors-To' in emails sent)\" field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:43Z", + "updated_at": "2022-12-28T07:28:43Z", + "pushed_at": "2022-12-28T07:28:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-17578.json b/2019/CVE-2019-17578.json new file mode 100644 index 0000000000..70f3b42483 --- /dev/null +++ b/2019/CVE-2019-17578.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903714, + "name": "CVE-2019-17578", + "full_name": "Live-Hack-CVE\/CVE-2019-17578", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-17578", + "description": "An issue was discovered in Dolibarr 10.0.2. It has XSS via the \"outgoing email setup\" feature in the admin\/mails.php?action=edit URI via the \"Sender email for automatic emails (default value in php.ini: Undefined)\" field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:00Z", + "updated_at": "2022-12-28T07:29:00Z", + "pushed_at": "2022-12-28T07:29:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-18218.json b/2019/CVE-2019-18218.json new file mode 100644 index 0000000000..e9e0898e47 --- /dev/null +++ b/2019/CVE-2019-18218.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969647, + "name": "CVE-2019-18218", + "full_name": "Live-Hack-CVE\/CVE-2019-18218", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-18218", + "description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:32Z", + "updated_at": "2022-12-28T11:32:32Z", + "pushed_at": "2022-12-28T11:32:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-18898.json b/2019/CVE-2019-18898.json new file mode 100644 index 0000000000..7239d09c1c --- /dev/null +++ b/2019/CVE-2019-18898.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959353, + "name": "CVE-2019-18898", + "full_name": "Live-Hack-CVE\/CVE-2019-18898", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-18898", + "description": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trous CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:35Z", + "updated_at": "2022-12-28T10:54:35Z", + "pushed_at": "2022-12-28T10:54:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-18901.json b/2019/CVE-2019-18901.json new file mode 100644 index 0000000000..5354cf50ce --- /dev/null +++ b/2019/CVE-2019-18901.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934886, + "name": "CVE-2019-18901", + "full_name": "Live-Hack-CVE\/CVE-2019-18901", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-18901", + "description": "A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb version CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:16Z", + "updated_at": "2022-12-28T09:27:16Z", + "pushed_at": "2022-12-28T09:27:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-19012.json b/2019/CVE-2019-19012.json deleted file mode 100644 index 415f4500c0..0000000000 --- a/2019/CVE-2019-19012.json +++ /dev/null @@ -1,60 +0,0 @@ -[ - { - "id": 222906322, - "name": "CVE-2019-19012", - "full_name": "ManhNDd\/CVE-2019-19012", - "owner": { - "login": "ManhNDd", - "id": 18594865, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18594865?v=4", - "html_url": "https:\/\/github.com\/ManhNDd" - }, - "html_url": "https:\/\/github.com\/ManhNDd\/CVE-2019-19012", - "description": "Integer overflow in Oniguruma", - "fork": false, - "created_at": "2019-11-20T10:00:18Z", - "updated_at": "2019-12-03T08:44:25Z", - "pushed_at": "2019-11-20T15:53:38Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, - { - "id": 222956814, - "name": "CVE-2019-19012", - "full_name": "tarantula-team\/CVE-2019-19012", - "owner": { - "login": "tarantula-team", - "id": 51333391, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51333391?v=4", - "html_url": "https:\/\/github.com\/tarantula-team" - }, - "html_url": "https:\/\/github.com\/tarantula-team\/CVE-2019-19012", - "description": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read", - "fork": false, - "created_at": "2019-11-20T14:32:23Z", - "updated_at": "2019-11-20T15:24:36Z", - "pushed_at": "2019-11-20T15:24:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19033.json b/2019/CVE-2019-19033.json deleted file mode 100644 index a56dfe7844..0000000000 --- a/2019/CVE-2019-19033.json +++ /dev/null @@ -1,37 +0,0 @@ -[ - { - "id": 222300876, - "name": "CVE-2019-19033", - "full_name": "ricardojoserf\/CVE-2019-19033", - "owner": { - "login": "ricardojoserf", - "id": 11477353, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11477353?v=4", - "html_url": "https:\/\/github.com\/ricardojoserf" - }, - "html_url": "https:\/\/github.com\/ricardojoserf\/CVE-2019-19033", - "description": "CVE-2019-19033 description and scripts to check the vulnerability in Jalios JCMS 10 (Authentication Bypass)", - "fork": false, - "created_at": "2019-11-17T19:32:10Z", - "updated_at": "2021-11-14T00:45:55Z", - "pushed_at": "2019-12-03T19:22:32Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "cve-2019-19033", - "jalios", - "vulnerability", - "webdav" - ], - "visibility": "public", - "forks": 2, - "watchers": 4, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19203.json b/2019/CVE-2019-19203.json index 73a85ee829..baa9ee0de2 100644 --- a/2019/CVE-2019-19203.json +++ b/2019/CVE-2019-19203.json @@ -1,33 +1,4 @@ [ - { - "id": 223278825, - "name": "CVE-2019-19203", - "full_name": "ManhNDd\/CVE-2019-19203", - "owner": { - "login": "ManhNDd", - "id": 18594865, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18594865?v=4", - "html_url": "https:\/\/github.com\/ManhNDd" - }, - "html_url": "https:\/\/github.com\/ManhNDd\/CVE-2019-19203", - "description": "Heap-buffer-overflow in Oniguruma (function gb18030_mbc_enc_len)", - "fork": false, - "created_at": "2019-11-21T22:43:34Z", - "updated_at": "2021-01-04T16:55:17Z", - "pushed_at": "2019-11-22T00:04:51Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, { "id": 229900382, "name": "CVE-2019-19203", diff --git a/2019/CVE-2019-19204.json b/2019/CVE-2019-19204.json index d8c7666cae..d8738ff5da 100644 --- a/2019/CVE-2019-19204.json +++ b/2019/CVE-2019-19204.json @@ -1,33 +1,4 @@ [ - { - "id": 223286619, - "name": "CVE-2019-19204", - "full_name": "ManhNDd\/CVE-2019-19204", - "owner": { - "login": "ManhNDd", - "id": 18594865, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18594865?v=4", - "html_url": "https:\/\/github.com\/ManhNDd" - }, - "html_url": "https:\/\/github.com\/ManhNDd\/CVE-2019-19204", - "description": "Heap-buffer-overflow in Oniguruma (function fetch_interval_quantifier)", - "fork": false, - "created_at": "2019-11-21T23:53:16Z", - "updated_at": "2022-10-05T22:57:34Z", - "pushed_at": "2019-11-22T00:04:37Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, { "id": 229901564, "name": "CVE-2019-19204", diff --git a/2019/CVE-2019-19206.json b/2019/CVE-2019-19206.json new file mode 100644 index 0000000000..be9ebc031b --- /dev/null +++ b/2019/CVE-2019-19206.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903670, + "name": "CVE-2019-19206", + "full_name": "Live-Hack-CVE\/CVE-2019-19206", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-19206", + "description": "Dolibarr CRM\/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:50Z", + "updated_at": "2022-12-28T07:28:50Z", + "pushed_at": "2022-12-28T07:28:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-19268.json b/2019/CVE-2019-19268.json deleted file mode 100644 index b917f514c4..0000000000 --- a/2019/CVE-2019-19268.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 223930097, - "name": "CVE-2019-19268", - "full_name": "TheCyberGeek\/CVE-2019-19268", - "owner": { - "login": "TheCyberGeek", - "id": 52138157, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52138157?v=4", - "html_url": "https:\/\/github.com\/TheCyberGeek" - }, - "html_url": "https:\/\/github.com\/TheCyberGeek\/CVE-2019-19268", - "description": "New Found 0-days!", - "fork": false, - "created_at": "2019-11-25T11:14:26Z", - "updated_at": "2022-06-28T16:20:58Z", - "pushed_at": "2019-12-04T10:14:51Z", - "stargazers_count": 37, - "watchers_count": 37, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 37, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19634.json b/2019/CVE-2019-19634.json deleted file mode 100644 index 0300376ad3..0000000000 --- a/2019/CVE-2019-19634.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 226651675, - "name": "CVE-2019-19634", - "full_name": "jra89\/CVE-2019-19634", - "owner": { - "login": "jra89", - "id": 2511696, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2511696?v=4", - "html_url": "https:\/\/github.com\/jra89" - }, - "html_url": "https:\/\/github.com\/jra89\/CVE-2019-19634", - "description": "This is a filter bypass exploit that results in arbitrary file upload and remote code execution in class.upload.php <= 2.0.4", - "fork": false, - "created_at": "2019-12-08T10:44:51Z", - "updated_at": "2022-07-06T21:45:25Z", - "pushed_at": "2019-12-08T17:55:01Z", - "stargazers_count": 36, - "watchers_count": 36, - "has_discussions": false, - "forks_count": 10, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 10, - "watchers": 36, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19651.json b/2019/CVE-2019-19651.json deleted file mode 100644 index 5e0e7d0639..0000000000 --- a/2019/CVE-2019-19651.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 227379066, - "name": "CVE-2019-19651", - "full_name": "jra89\/CVE-2019-19651", - "owner": { - "login": "jra89", - "id": 2511696, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2511696?v=4", - "html_url": "https:\/\/github.com\/jra89" - }, - "html_url": "https:\/\/github.com\/jra89\/CVE-2019-19651", - "description": "Chevereto reflected XSS in Website Name - 1.0.0 - 1.1.4 Free, <= 3.13.5 Core", - "fork": false, - "created_at": "2019-12-11T14:00:32Z", - "updated_at": "2020-08-27T17:38:10Z", - "pushed_at": "2019-12-11T14:11:56Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19652.json b/2019/CVE-2019-19652.json deleted file mode 100644 index 0da61a85b6..0000000000 --- a/2019/CVE-2019-19652.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 227375117, - "name": "CVE-2019-19652", - "full_name": "jra89\/CVE-2019-19652", - "owner": { - "login": "jra89", - "id": 2511696, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2511696?v=4", - "html_url": "https:\/\/github.com\/jra89" - }, - "html_url": "https:\/\/github.com\/jra89\/CVE-2019-19652", - "description": "Chevereto downgrade attack - 1.0.0 - 1.1.4 Free, <= 3.13.5 Core", - "fork": false, - "created_at": "2019-12-11T13:42:18Z", - "updated_at": "2020-01-11T13:36:18Z", - "pushed_at": "2019-12-11T14:41:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-19947.json b/2019/CVE-2019-19947.json new file mode 100644 index 0000000000..17b61a2bae --- /dev/null +++ b/2019/CVE-2019-19947.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960513, + "name": "CVE-2019-19947", + "full_name": "Live-Hack-CVE\/CVE-2019-19947", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-19947", + "description": "In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers\/net\/can\/usb\/kvaser_usb\/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:33Z", + "updated_at": "2022-12-28T10:58:33Z", + "pushed_at": "2022-12-28T10:58:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20434.json b/2019/CVE-2019-20434.json new file mode 100644 index 0000000000..28ce9cb856 --- /dev/null +++ b/2019/CVE-2019-20434.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959338, + "name": "CVE-2019-20434", + "full_name": "Live-Hack-CVE\/CVE-2019-20434", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20434", + "description": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:32Z", + "updated_at": "2022-12-28T10:54:32Z", + "pushed_at": "2022-12-28T10:54:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20435.json b/2019/CVE-2019-20435.json new file mode 100644 index 0000000000..c6b4e0b782 --- /dev/null +++ b/2019/CVE-2019-20435.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959306, + "name": "CVE-2019-20435", + "full_name": "Live-Hack-CVE\/CVE-2019-20435", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20435", + "description": "An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:25Z", + "updated_at": "2022-12-28T10:54:25Z", + "pushed_at": "2022-12-28T10:54:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20436.json b/2019/CVE-2019-20436.json new file mode 100644 index 0000000000..af73be8c91 --- /dev/null +++ b/2019/CVE-2019-20436.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959201, + "name": "CVE-2019-20436", + "full_name": "Live-Hack-CVE\/CVE-2019-20436", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20436", + "description": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:00Z", + "updated_at": "2022-12-28T10:54:00Z", + "pushed_at": "2022-12-28T10:54:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20437.json b/2019/CVE-2019-20437.json new file mode 100644 index 0000000000..0f2d34a099 --- /dev/null +++ b/2019/CVE-2019-20437.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959291, + "name": "CVE-2019-20437", + "full_name": "Live-Hack-CVE\/CVE-2019-20437", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20437", + "description": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim i CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:21Z", + "updated_at": "2022-12-28T10:54:21Z", + "pushed_at": "2022-12-28T10:54:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20439.json b/2019/CVE-2019-20439.json new file mode 100644 index 0000000000..3b572ae543 --- /dev/null +++ b/2019/CVE-2019-20439.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959192, + "name": "CVE-2019-20439", + "full_name": "Live-Hack-CVE\/CVE-2019-20439", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20439", + "description": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the \"manage the API\" page of the API Publisher. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:57Z", + "updated_at": "2022-12-28T10:53:57Z", + "pushed_at": "2022-12-28T10:53:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-20790.json b/2019/CVE-2019-20790.json new file mode 100644 index 0000000000..dc29ec0704 --- /dev/null +++ b/2019/CVE-2019-20790.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935057, + "name": "CVE-2019-20790", + "full_name": "Live-Hack-CVE\/CVE-2019-20790", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-20790", + "description": "OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:49Z", + "updated_at": "2022-12-28T09:27:49Z", + "pushed_at": "2022-12-28T09:27:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-2198.json b/2019/CVE-2019-2198.json index 83c94bc60c..01300ac8c8 100644 --- a/2019/CVE-2019-2198.json +++ b/2019/CVE-2019-2198.json @@ -13,19 +13,19 @@ "description": "PoC Exploiting SQL Injection in Android's Download Provider in Selection Parameter (CVE-2019-2198)", "fork": false, "created_at": "2020-01-14T12:20:18Z", - "updated_at": "2021-10-16T11:55:51Z", + "updated_at": "2022-12-28T08:24:46Z", "pushed_at": "2020-01-17T10:10:31Z", - "stargazers_count": 31, - "watchers_count": 31, + "stargazers_count": 32, + "watchers_count": 32, "has_discussions": false, - "forks_count": 23, + "forks_count": 24, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 23, - "watchers": 31, + "forks": 24, + "watchers": 32, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-2525.json b/2019/CVE-2019-2525.json index 50cefdae26..85d05d515b 100644 --- a/2019/CVE-2019-2525.json +++ b/2019/CVE-2019-2525.json @@ -13,10 +13,10 @@ "description": "CVE-2019-2525 \/ CVE-2019-2548", "fork": false, "created_at": "2019-08-03T12:25:41Z", - "updated_at": "2022-12-26T09:27:35Z", + "updated_at": "2022-12-28T06:23:59Z", "pushed_at": "2020-09-04T07:18:04Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 6, + "watchers": 8, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index c228e1274c..7abac5f6e6 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -115,35 +115,6 @@ "watchers": 847, "score": 0 }, - { - "id": 222606343, - "name": "cve-2019-2618", - "full_name": "ianxtianxt\/cve-2019-2618", - "owner": { - "login": "ianxtianxt", - "id": 45796484, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45796484?v=4", - "html_url": "https:\/\/github.com\/ianxtianxt" - }, - "html_url": "https:\/\/github.com\/ianxtianxt\/cve-2019-2618", - "description": "cve-2019-2618 需要用户名密码", - "fork": false, - "created_at": "2019-11-19T04:12:39Z", - "updated_at": "2020-07-03T04:04:02Z", - "pushed_at": "2019-11-19T04:13:03Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 1, - "score": 0 - }, { "id": 233997916, "name": "weblogicScanner", diff --git a/2019/CVE-2019-2725.json b/2019/CVE-2019-2725.json index 5d219ac452..9090694bea 100644 --- a/2019/CVE-2019-2725.json +++ b/2019/CVE-2019-2725.json @@ -376,35 +376,6 @@ "watchers": 67, "score": 0 }, - { - "id": 227509207, - "name": "CVE-2019-2725-POC", - "full_name": "N0b1e6\/CVE-2019-2725-POC", - "owner": { - "login": "N0b1e6", - "id": 46476997, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46476997?v=4", - "html_url": "https:\/\/github.com\/N0b1e6" - }, - "html_url": "https:\/\/github.com\/N0b1e6\/CVE-2019-2725-POC", - "description": "CVE-2019-2725-POC", - "fork": false, - "created_at": "2019-12-12T03:09:23Z", - "updated_at": "2019-12-12T03:11:14Z", - "pushed_at": "2019-12-12T03:11:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 232495610, "name": "weblogic_2019_2725_wls_batch", diff --git a/2019/CVE-2019-2729.json b/2019/CVE-2019-2729.json index bb34857913..f42cc4d6a8 100644 --- a/2019/CVE-2019-2729.json +++ b/2019/CVE-2019-2729.json @@ -114,5 +114,34 @@ "forks": 0, "watchers": 2, "score": 0 + }, + { + "id": 582959444, + "name": "CVE-2019-2729", + "full_name": "Live-Hack-CVE\/CVE-2019-2729", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-2729", + "description": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serv CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:56Z", + "updated_at": "2022-12-28T10:54:56Z", + "pushed_at": "2022-12-28T10:54:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-2890.json b/2019/CVE-2019-2890.json index 7c9fc9fedb..eb722f7165 100644 --- a/2019/CVE-2019-2890.json +++ b/2019/CVE-2019-2890.json @@ -1,62 +1,4 @@ [ - { - "id": 226284594, - "name": "CVE-2019-2890", - "full_name": "SukaraLin\/CVE-2019-2890", - "owner": { - "login": "SukaraLin", - "id": 27796303, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27796303?v=4", - "html_url": "https:\/\/github.com\/SukaraLin" - }, - "html_url": "https:\/\/github.com\/SukaraLin\/CVE-2019-2890", - "description": null, - "fork": false, - "created_at": "2019-12-06T08:46:31Z", - "updated_at": "2022-11-09T18:05:26Z", - "pushed_at": "2019-12-06T09:18:56Z", - "stargazers_count": 87, - "watchers_count": 87, - "has_discussions": false, - "forks_count": 26, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 26, - "watchers": 87, - "score": 0 - }, - { - "id": 226617297, - "name": "CVE-2019-2890", - "full_name": "jas502n\/CVE-2019-2890", - "owner": { - "login": "jas502n", - "id": 16593068, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", - "html_url": "https:\/\/github.com\/jas502n" - }, - "html_url": "https:\/\/github.com\/jas502n\/CVE-2019-2890", - "description": "CVE-2019-2890 WebLogic 反序列化RCE漏洞", - "fork": false, - "created_at": "2019-12-08T05:03:32Z", - "updated_at": "2022-11-18T03:43:58Z", - "pushed_at": "2019-12-08T05:50:42Z", - "stargazers_count": 40, - "watchers_count": 40, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 40, - "score": 0 - }, { "id": 227987309, "name": "CVE-2019-2890", diff --git a/2019/CVE-2019-3396.json b/2019/CVE-2019-3396.json index 27855294c0..77a83ca58f 100644 --- a/2019/CVE-2019-3396.json +++ b/2019/CVE-2019-3396.json @@ -294,35 +294,6 @@ "watchers": 0, "score": 0 }, - { - "id": 223076925, - "name": "CVE-2019-3396", - "full_name": "am6539\/CVE-2019-3396", - "owner": { - "login": "am6539", - "id": 19407692, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19407692?v=4", - "html_url": "https:\/\/github.com\/am6539" - }, - "html_url": "https:\/\/github.com\/am6539\/CVE-2019-3396", - "description": null, - "fork": false, - "created_at": "2019-11-21T03:07:08Z", - "updated_at": "2019-11-21T03:18:13Z", - "pushed_at": "2019-11-21T03:18:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 227548353, "name": "CVE-2019-3396", diff --git a/2019/CVE-2019-3692.json b/2019/CVE-2019-3692.json new file mode 100644 index 0000000000..8782455e66 --- /dev/null +++ b/2019/CVE-2019-3692.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935240, + "name": "CVE-2019-3692", + "full_name": "Live-Hack-CVE\/CVE-2019-3692", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-3692", + "description": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior version CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:22Z", + "updated_at": "2022-12-28T09:28:22Z", + "pushed_at": "2022-12-28T09:28:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3693.json b/2019/CVE-2019-3693.json new file mode 100644 index 0000000000..16915f4857 --- /dev/null +++ b/2019/CVE-2019-3693.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959369, + "name": "CVE-2019-3693", + "full_name": "Live-Hack-CVE\/CVE-2019-3693", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-3693", + "description": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Li CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:39Z", + "updated_at": "2022-12-28T10:54:39Z", + "pushed_at": "2022-12-28T10:54:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3694.json b/2019/CVE-2019-3694.json new file mode 100644 index 0000000000..37622397b0 --- /dev/null +++ b/2019/CVE-2019-3694.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959320, + "name": "CVE-2019-3694", + "full_name": "Live-Hack-CVE\/CVE-2019-3694", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-3694", + "description": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:28Z", + "updated_at": "2022-12-28T10:54:28Z", + "pushed_at": "2022-12-28T10:54:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3881.json b/2019/CVE-2019-3881.json new file mode 100644 index 0000000000..8c7ab50f37 --- /dev/null +++ b/2019/CVE-2019-3881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980709, + "name": "CVE-2019-3881", + "full_name": "Live-Hack-CVE\/CVE-2019-3881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-3881", + "description": "Bundler prior to 2.1.0 uses a predictable path in \/tmp\/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:07Z", + "updated_at": "2022-12-28T12:12:07Z", + "pushed_at": "2022-12-28T12:12:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3886.json b/2019/CVE-2019-3886.json new file mode 100644 index 0000000000..1ef98d56e7 --- /dev/null +++ b/2019/CVE-2019-3886.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959473, + "name": "CVE-2019-3886", + "full_name": "Live-Hack-CVE\/CVE-2019-3886", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2019-3886", + "description": "An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:03Z", + "updated_at": "2022-12-28T10:55:03Z", + "pushed_at": "2022-12-28T10:55:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3929.json b/2019/CVE-2019-3929.json deleted file mode 100644 index 096939b617..0000000000 --- a/2019/CVE-2019-3929.json +++ /dev/null @@ -1,37 +0,0 @@ -[ - { - "id": 209102630, - "name": "CVE-2019-3929", - "full_name": "xfox64x\/CVE-2019-3929", - "owner": { - "login": "xfox64x", - "id": 11416821, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11416821?v=4", - "html_url": "https:\/\/github.com\/xfox64x" - }, - "html_url": "https:\/\/github.com\/xfox64x\/CVE-2019-3929", - "description": "Crestron\/Barco\/Extron\/InFocus\/TeqAV Remote Command Injection (CVE-2019-3929) Metasploit Module", - "fork": false, - "created_at": "2019-09-17T16:23:04Z", - "updated_at": "2019-11-25T21:43:58Z", - "pushed_at": "2019-11-25T21:17:02Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "command-injection", - "crestron", - "crestron-devices", - "metasploit", - "metasploit-modules" - ], - "visibility": "public", - "forks": 2, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-5418.json b/2019/CVE-2019-5418.json index dcd1d17476..427c76e18d 100644 --- a/2019/CVE-2019-5418.json +++ b/2019/CVE-2019-5418.json @@ -181,35 +181,6 @@ "watchers": 1, "score": 0 }, - { - "id": 222660643, - "name": "CVE-2019-5418", - "full_name": "random-robbie\/CVE-2019-5418", - "owner": { - "login": "random-robbie", - "id": 4902869, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4902869?v=4", - "html_url": "https:\/\/github.com\/random-robbie" - }, - "html_url": "https:\/\/github.com\/random-robbie\/CVE-2019-5418", - "description": null, - "fork": false, - "created_at": "2019-11-19T09:40:06Z", - "updated_at": "2021-04-26T19:41:51Z", - "pushed_at": "2019-11-19T09:41:18Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 5, - "score": 0 - }, { "id": 552810113, "name": "CVE-2019-5418", diff --git a/2019/CVE-2019-5700.json b/2019/CVE-2019-5700.json deleted file mode 100644 index 2dfa68fc9e..0000000000 --- a/2019/CVE-2019-5700.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 226178220, - "name": "CVE-2019-5700", - "full_name": "oscardagrach\/CVE-2019-5700", - "owner": { - "login": "oscardagrach", - "id": 17905072, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17905072?v=4", - "html_url": "https:\/\/github.com\/oscardagrach" - }, - "html_url": "https:\/\/github.com\/oscardagrach\/CVE-2019-5700", - "description": "CVE-2019-5700", - "fork": false, - "created_at": "2019-12-05T19:54:33Z", - "updated_at": "2021-08-11T05:11:10Z", - "pushed_at": "2019-12-05T21:36:42Z", - "stargazers_count": 11, - "watchers_count": 11, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 11, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-5736.json b/2019/CVE-2019-5736.json index 9c8631aaa4..8f9038e18b 100644 --- a/2019/CVE-2019-5736.json +++ b/2019/CVE-2019-5736.json @@ -410,35 +410,6 @@ "watchers": 0, "score": 0 }, - { - "id": 214599324, - "name": "cve-2019-5736-poc", - "full_name": "chosam2\/cve-2019-5736-poc", - "owner": { - "login": "chosam2", - "id": 40632767, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40632767?v=4", - "html_url": "https:\/\/github.com\/chosam2" - }, - "html_url": "https:\/\/github.com\/chosam2\/cve-2019-5736-poc", - "description": null, - "fork": false, - "created_at": "2019-10-12T07:22:57Z", - "updated_at": "2019-11-16T09:01:20Z", - "pushed_at": "2019-11-16T09:01:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 227655174, "name": "Docker-Escape-Miner", diff --git a/2019/CVE-2019-5825.json b/2019/CVE-2019-5825.json deleted file mode 100644 index 995d248e7b..0000000000 --- a/2019/CVE-2019-5825.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 223578530, - "name": "CVE-2019-5825", - "full_name": "timwr\/CVE-2019-5825", - "owner": { - "login": "timwr", - "id": 684924, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/684924?v=4", - "html_url": "https:\/\/github.com\/timwr" - }, - "html_url": "https:\/\/github.com\/timwr\/CVE-2019-5825", - "description": null, - "fork": false, - "created_at": "2019-11-23T11:35:34Z", - "updated_at": "2022-10-05T05:25:44Z", - "pushed_at": "2019-11-25T06:09:35Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 5, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 5, - "watchers": 7, - "score": 0 - } -] \ No newline at end of file diff --git a/2019/CVE-2019-7348.json b/2019/CVE-2019-7348.json new file mode 100644 index 0000000000..605112f985 --- /dev/null +++ b/2019/CVE-2019-7348.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901768, + "name": "CVE-2022-30768", + "full_name": "Live-Hack-CVE\/CVE-2022-30768", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30768", + "description": "A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a differ CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:14Z", + "updated_at": "2022-12-28T07:21:14Z", + "pushed_at": "2022-12-28T07:21:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-7609.json b/2019/CVE-2019-7609.json index 2d6187073d..9ccf172f92 100644 --- a/2019/CVE-2019-7609.json +++ b/2019/CVE-2019-7609.json @@ -64,35 +64,6 @@ "watchers": 139, "score": 0 }, - { - "id": 225175128, - "name": "CVE-2019-7609", - "full_name": "hekadan\/CVE-2019-7609", - "owner": { - "login": "hekadan", - "id": 57190788, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57190788?v=4", - "html_url": "https:\/\/github.com\/hekadan" - }, - "html_url": "https:\/\/github.com\/hekadan\/CVE-2019-7609", - "description": null, - "fork": false, - "created_at": "2019-12-01T14:29:22Z", - "updated_at": "2022-06-25T03:46:49Z", - "pushed_at": "2019-12-01T14:34:37Z", - "stargazers_count": 21, - "watchers_count": 21, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 21, - "score": 0 - }, { "id": 252699702, "name": "CVE-2019-7609", diff --git a/2020/CVE-2020-0022.json b/2020/CVE-2020-0022.json index 802ef941b9..333f4b5c88 100644 --- a/2020/CVE-2020-0022.json +++ b/2020/CVE-2020-0022.json @@ -115,35 +115,6 @@ "watchers": 30, "score": 0 }, - { - "id": 321889394, - "name": "cve-2020-0022", - "full_name": "5k1l\/cve-2020-0022", - "owner": { - "login": "5k1l", - "id": 51367843, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51367843?v=4", - "html_url": "https:\/\/github.com\/5k1l" - }, - "html_url": "https:\/\/github.com\/5k1l\/cve-2020-0022", - "description": "cve-2020-0022相关的一些东西", - "fork": false, - "created_at": "2020-12-16T06:25:41Z", - "updated_at": "2022-08-24T08:17:30Z", - "pushed_at": "2020-12-16T07:17:45Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 4, - "score": 0 - }, { "id": 341906494, "name": "CVE-2020-0022", diff --git a/2020/CVE-2020-0113.json b/2020/CVE-2020-0113.json deleted file mode 100644 index 9ded5b905d..0000000000 --- a/2020/CVE-2020-0113.json +++ /dev/null @@ -1,34 +0,0 @@ -[ - { - "id": 319039566, - "name": "ServiceCheater", - "full_name": "XDo0\/ServiceCheater", - "owner": { - "login": "XDo0", - "id": 30046447, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30046447?v=4", - "html_url": "https:\/\/github.com\/XDo0" - }, - "html_url": "https:\/\/github.com\/XDo0\/ServiceCheater", - "description": "Poc of CVE-2020-0113 & CVE-2020-0108", - "fork": false, - "created_at": "2020-12-06T13:27:33Z", - "updated_at": "2021-04-03T14:41:27Z", - "pushed_at": "2020-12-10T06:15:32Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "android", - "cve" - ], - "visibility": "public", - "forks": 2, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-0787.json b/2020/CVE-2020-0787.json index 8d1b5f163f..affb5c12f5 100644 --- a/2020/CVE-2020-0787.json +++ b/2020/CVE-2020-0787.json @@ -28,64 +28,6 @@ "watchers": 650, "score": 0 }, - { - "id": 320526580, - "name": "CVE-2020-0787", - "full_name": "MasterSploit\/CVE-2020-0787", - "owner": { - "login": "MasterSploit", - "id": 74764997, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74764997?v=4", - "html_url": "https:\/\/github.com\/MasterSploit" - }, - "html_url": "https:\/\/github.com\/MasterSploit\/CVE-2020-0787", - "description": null, - "fork": false, - "created_at": "2020-12-11T09:27:34Z", - "updated_at": "2020-12-11T09:27:34Z", - "pushed_at": "2020-12-11T09:27:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 320527396, - "name": "CVE-2020-0787-BitsArbitraryFileMove-master", - "full_name": "MasterSploit\/CVE-2020-0787-BitsArbitraryFileMove-master", - "owner": { - "login": "MasterSploit", - "id": 74764997, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74764997?v=4", - "html_url": "https:\/\/github.com\/MasterSploit" - }, - "html_url": "https:\/\/github.com\/MasterSploit\/CVE-2020-0787-BitsArbitraryFileMove-master", - "description": null, - "fork": false, - "created_at": "2020-12-11T09:31:06Z", - "updated_at": "2020-12-11T09:31:06Z", - "pushed_at": "2020-12-11T09:31:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 428621250, "name": "CVE-2020-0787", diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 245138d622..e1ee22be7c 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -1767,35 +1767,6 @@ "watchers": 1, "score": 0 }, - { - "id": 314499390, - "name": "LPE---CVE-2020-0796", - "full_name": "MasterSploit\/LPE---CVE-2020-0796", - "owner": { - "login": "MasterSploit", - "id": 74764997, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74764997?v=4", - "html_url": "https:\/\/github.com\/MasterSploit" - }, - "html_url": "https:\/\/github.com\/MasterSploit\/LPE---CVE-2020-0796", - "description": null, - "fork": false, - "created_at": "2020-11-20T09:00:08Z", - "updated_at": "2022-02-08T17:19:05Z", - "pushed_at": "2020-11-20T13:47:47Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": true, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, { "id": 328551475, "name": "CVE-2020-0796", diff --git a/2020/CVE-2020-10029.json b/2020/CVE-2020-10029.json new file mode 100644 index 0000000000..53402bbb2d --- /dev/null +++ b/2020/CVE-2020-10029.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960120, + "name": "CVE-2020-10029", + "full_name": "Live-Hack-CVE\/CVE-2020-10029", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10029", + "description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps\/ieee754\/ldbl-96\/e_rem_pio2 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:08Z", + "updated_at": "2022-12-28T10:57:08Z", + "pushed_at": "2022-12-28T10:57:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10684.json b/2020/CVE-2020-10684.json new file mode 100644 index 0000000000..6301aac746 --- /dev/null +++ b/2020/CVE-2020-10684.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983413, + "name": "CVE-2020-10684", + "full_name": "Live-Hack-CVE\/CVE-2020-10684", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10684", + "description": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:28Z", + "updated_at": "2022-12-28T12:21:28Z", + "pushed_at": "2022-12-28T12:21:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10699.json b/2020/CVE-2020-10699.json new file mode 100644 index 0000000000..d52edf2de1 --- /dev/null +++ b/2020/CVE-2020-10699.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935184, + "name": "CVE-2020-10699", + "full_name": "Live-Hack-CVE\/CVE-2020-10699", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10699", + "description": "A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:11Z", + "updated_at": "2022-12-28T09:28:11Z", + "pushed_at": "2022-12-28T09:28:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10713.json b/2020/CVE-2020-10713.json new file mode 100644 index 0000000000..6a2dbfd653 --- /dev/null +++ b/2020/CVE-2020-10713.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934292, + "name": "CVE-2020-10713", + "full_name": "Live-Hack-CVE\/CVE-2020-10713", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10713", + "description": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:24Z", + "updated_at": "2022-12-28T09:25:24Z", + "pushed_at": "2022-12-28T09:25:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10714.json b/2020/CVE-2020-10714.json new file mode 100644 index 0000000000..6072df6f76 --- /dev/null +++ b/2020/CVE-2020-10714.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982224, + "name": "CVE-2020-10714", + "full_name": "Live-Hack-CVE\/CVE-2020-10714", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10714", + "description": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:23Z", + "updated_at": "2022-12-28T12:17:23Z", + "pushed_at": "2022-12-28T12:17:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10717.json b/2020/CVE-2020-10717.json new file mode 100644 index 0000000000..d8031cf671 --- /dev/null +++ b/2020/CVE-2020-10717.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934972, + "name": "CVE-2020-10717", + "full_name": "Live-Hack-CVE\/CVE-2020-10717", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10717", + "description": "A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:31Z", + "updated_at": "2022-12-28T09:27:31Z", + "pushed_at": "2022-12-28T09:27:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10732.json b/2020/CVE-2020-10732.json new file mode 100644 index 0000000000..acbf7267b8 --- /dev/null +++ b/2020/CVE-2020-10732.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980686, + "name": "CVE-2020-10732", + "full_name": "Live-Hack-CVE\/CVE-2020-10732", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10732", + "description": "A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:03Z", + "updated_at": "2022-12-28T12:12:03Z", + "pushed_at": "2022-12-28T12:12:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10735.json b/2020/CVE-2020-10735.json new file mode 100644 index 0000000000..0ca6aec882 --- /dev/null +++ b/2020/CVE-2020-10735.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947344, + "name": "CVE-2020-10735", + "full_name": "Live-Hack-CVE\/CVE-2020-10735", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10735", + "description": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). Th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:56Z", + "updated_at": "2022-12-28T10:10:56Z", + "pushed_at": "2022-12-28T10:10:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10761.json b/2020/CVE-2020-10761.json new file mode 100644 index 0000000000..a3473b6b18 --- /dev/null +++ b/2020/CVE-2020-10761.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934635, + "name": "CVE-2020-10761", + "full_name": "Live-Hack-CVE\/CVE-2020-10761", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10761", + "description": "An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:23Z", + "updated_at": "2022-12-28T09:26:23Z", + "pushed_at": "2022-12-28T09:26:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10770.json b/2020/CVE-2020-10770.json index 7aeac7c2e4..c7b8c66f0c 100644 --- a/2020/CVE-2020-10770.json +++ b/2020/CVE-2020-10770.json @@ -27,5 +27,34 @@ "forks": 6, "watchers": 5, "score": 0 + }, + { + "id": 582959532, + "name": "CVE-2020-10770", + "full_name": "Live-Hack-CVE\/CVE-2020-10770", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10770", + "description": "A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:17Z", + "updated_at": "2022-12-28T10:55:17Z", + "pushed_at": "2022-12-28T10:55:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-10802.json b/2020/CVE-2020-10802.json new file mode 100644 index 0000000000..539ffc4fc8 --- /dev/null +++ b/2020/CVE-2020-10802.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935037, + "name": "CVE-2020-10802", + "full_name": "Live-Hack-CVE\/CVE-2020-10802", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10802", + "description": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries\/classes\/Controllers\/Table\/TableSearchController.php. An attacker can generate a crafted database or tab CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:45Z", + "updated_at": "2022-12-28T09:27:45Z", + "pushed_at": "2022-12-28T09:27:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10803.json b/2020/CVE-2020-10803.json new file mode 100644 index 0000000000..55456ffd46 --- /dev/null +++ b/2020/CVE-2020-10803.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934368, + "name": "CVE-2020-10803", + "full_name": "Live-Hack-CVE\/CVE-2020-10803", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10803", + "description": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries\/classes\/Display\/Results.php). The attacker must be able to insert crafted data into CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:34Z", + "updated_at": "2022-12-28T09:25:34Z", + "pushed_at": "2022-12-28T09:25:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10804.json b/2020/CVE-2020-10804.json new file mode 100644 index 0000000000..c477251e0e --- /dev/null +++ b/2020/CVE-2020-10804.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935262, + "name": "CVE-2020-10804", + "full_name": "Live-Hack-CVE\/CVE-2020-10804", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10804", + "description": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries\/classes\/Server\/Privileges.php and libraries\/classes\/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim int CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:25Z", + "updated_at": "2022-12-28T09:28:25Z", + "pushed_at": "2022-12-28T09:28:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10936.json b/2020/CVE-2020-10936.json new file mode 100644 index 0000000000..9f5a145c2a --- /dev/null +++ b/2020/CVE-2020-10936.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982835, + "name": "CVE-2020-10936", + "full_name": "Live-Hack-CVE\/CVE-2020-10936", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-10936", + "description": "Sympa before 6.2.56 allows privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:29Z", + "updated_at": "2022-12-28T12:19:29Z", + "pushed_at": "2022-12-28T12:19:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-10977.json b/2020/CVE-2020-10977.json index e51d69ab14..ec8255d43d 100644 --- a/2020/CVE-2020-10977.json +++ b/2020/CVE-2020-10977.json @@ -62,35 +62,6 @@ "watchers": 64, "score": 0 }, - { - "id": 316070312, - "name": "CVE-2020-10977.py", - "full_name": "JustMichi\/CVE-2020-10977.py", - "owner": { - "login": "JustMichi", - "id": 10670516, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10670516?v=4", - "html_url": "https:\/\/github.com\/JustMichi" - }, - "html_url": "https:\/\/github.com\/JustMichi\/CVE-2020-10977.py", - "description": "authenticated arbitrary file read for Gitlab (CVE-2020-10977)", - "fork": false, - "created_at": "2020-11-25T22:48:26Z", - "updated_at": "2020-11-26T19:40:32Z", - "pushed_at": "2020-11-26T19:40:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 332278953, "name": "cve-2020-10977", diff --git a/2020/CVE-2020-11651.json b/2020/CVE-2020-11651.json index f756e81f01..ce14423f42 100644 --- a/2020/CVE-2020-11651.json +++ b/2020/CVE-2020-11651.json @@ -331,35 +331,6 @@ "watchers": 0, "score": 0 }, - { - "id": 317171675, - "name": "salt-rce-scanner-CVE-2020-11651-CVE-2020-11652", - "full_name": "appcheck-ng\/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652", - "owner": { - "login": "appcheck-ng", - "id": 72451531, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/72451531?v=4", - "html_url": "https:\/\/github.com\/appcheck-ng" - }, - "html_url": "https:\/\/github.com\/appcheck-ng\/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652", - "description": "Scanning tool to test for SaltStack vulnerabilities CVE-2020-11651 & CVE-2020-11652.", - "fork": false, - "created_at": "2020-11-30T09:23:23Z", - "updated_at": "2020-11-30T09:48:22Z", - "pushed_at": "2020-11-30T09:26:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 412501071, "name": "cve-2020-11651", diff --git a/2020/CVE-2020-11759.json b/2020/CVE-2020-11759.json new file mode 100644 index 0000000000..3c4c430dce --- /dev/null +++ b/2020/CVE-2020-11759.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946434, + "name": "CVE-2020-11759", + "full_name": "Live-Hack-CVE\/CVE-2020-11759", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11759", + "description": "An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:56Z", + "updated_at": "2022-12-28T10:07:56Z", + "pushed_at": "2022-12-28T10:07:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11760.json b/2020/CVE-2020-11760.json new file mode 100644 index 0000000000..0f53e0acc7 --- /dev/null +++ b/2020/CVE-2020-11760.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945900, + "name": "CVE-2020-11760", + "full_name": "Live-Hack-CVE\/CVE-2020-11760", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11760", + "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:07Z", + "updated_at": "2022-12-28T10:06:07Z", + "pushed_at": "2022-12-28T10:06:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11761.json b/2020/CVE-2020-11761.json new file mode 100644 index 0000000000..ebdeaf6b52 --- /dev/null +++ b/2020/CVE-2020-11761.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946399, + "name": "CVE-2020-11761", + "full_name": "Live-Hack-CVE\/CVE-2020-11761", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11761", + "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:48Z", + "updated_at": "2022-12-28T10:07:48Z", + "pushed_at": "2022-12-28T10:07:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11762.json b/2020/CVE-2020-11762.json new file mode 100644 index 0000000000..9bd4281058 --- /dev/null +++ b/2020/CVE-2020-11762.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946545, + "name": "CVE-2020-11762", + "full_name": "Live-Hack-CVE\/CVE-2020-11762", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11762", + "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:17Z", + "updated_at": "2022-12-28T10:08:17Z", + "pushed_at": "2022-12-28T10:08:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11763.json b/2020/CVE-2020-11763.json new file mode 100644 index 0000000000..5f2aacd0cb --- /dev/null +++ b/2020/CVE-2020-11763.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945825, + "name": "CVE-2020-11763", + "full_name": "Live-Hack-CVE\/CVE-2020-11763", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11763", + "description": "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:53Z", + "updated_at": "2022-12-28T10:05:53Z", + "pushed_at": "2022-12-28T10:05:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11764.json b/2020/CVE-2020-11764.json new file mode 100644 index 0000000000..37d9398154 --- /dev/null +++ b/2020/CVE-2020-11764.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945849, + "name": "CVE-2020-11764", + "full_name": "Live-Hack-CVE\/CVE-2020-11764", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11764", + "description": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:56Z", + "updated_at": "2022-12-28T10:05:56Z", + "pushed_at": "2022-12-28T10:05:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11823.json b/2020/CVE-2020-11823.json new file mode 100644 index 0000000000..17a299b083 --- /dev/null +++ b/2020/CVE-2020-11823.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911833, + "name": "CVE-2020-11823", + "full_name": "Live-Hack-CVE\/CVE-2020-11823", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11823", + "description": "In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:59Z", + "updated_at": "2022-12-28T08:00:59Z", + "pushed_at": "2022-12-28T08:01:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11825.json b/2020/CVE-2020-11825.json new file mode 100644 index 0000000000..97ccb95bdd --- /dev/null +++ b/2020/CVE-2020-11825.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911880, + "name": "CVE-2020-11825", + "full_name": "Live-Hack-CVE\/CVE-2020-11825", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11825", + "description": "In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:01:10Z", + "updated_at": "2022-12-28T08:01:10Z", + "pushed_at": "2022-12-28T08:01:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11853.json b/2020/CVE-2020-11853.json new file mode 100644 index 0000000000..c78294c8d2 --- /dev/null +++ b/2020/CVE-2020-11853.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924708, + "name": "CVE-2020-11853", + "full_name": "Live-Hack-CVE\/CVE-2020-11853", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11853", + "description": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:18Z", + "updated_at": "2022-12-28T08:50:18Z", + "pushed_at": "2022-12-28T08:50:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11858.json b/2020/CVE-2020-11858.json new file mode 100644 index 0000000000..c9936b2c21 --- /dev/null +++ b/2020/CVE-2020-11858.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924811, + "name": "CVE-2020-11858", + "full_name": "Live-Hack-CVE\/CVE-2020-11858", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-11858", + "description": "Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier vers CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:42Z", + "updated_at": "2022-12-28T08:50:42Z", + "pushed_at": "2022-12-28T08:50:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-11975.json b/2020/CVE-2020-11975.json deleted file mode 100644 index c0a0b22fa6..0000000000 --- a/2020/CVE-2020-11975.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 315527204, - "name": "unomi_exploit", - "full_name": "1135\/unomi_exploit", - "owner": { - "login": "1135", - "id": 19515911, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19515911?v=4", - "html_url": "https:\/\/github.com\/1135" - }, - "html_url": "https:\/\/github.com\/1135\/unomi_exploit", - "description": "CVE-2020-11975 CVE-2020-13942", - "fork": false, - "created_at": "2020-11-24T05:23:42Z", - "updated_at": "2022-04-05T03:23:53Z", - "pushed_at": "2020-12-01T08:25:06Z", - "stargazers_count": 6, - "watchers_count": 6, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 6, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-12137.json b/2020/CVE-2020-12137.json new file mode 100644 index 0000000000..ebbe59f975 --- /dev/null +++ b/2020/CVE-2020-12137.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935121, + "name": "CVE-2020-12137", + "full_name": "Live-Hack-CVE\/CVE-2020-12137", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12137", + "description": "GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application\/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME ty CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:59Z", + "updated_at": "2022-12-28T09:27:59Z", + "pushed_at": "2022-12-28T09:28:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12272.json b/2020/CVE-2020-12272.json new file mode 100644 index 0000000000..1d08aff72e --- /dev/null +++ b/2020/CVE-2020-12272.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935022, + "name": "CVE-2020-12272", + "full_name": "Live-Hack-CVE\/CVE-2020-12272", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12272", + "description": "OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF\/DKIM authentication results, as demonstrated by the example.net(.example.com substring. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:42Z", + "updated_at": "2022-12-28T09:27:42Z", + "pushed_at": "2022-12-28T09:27:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12507.json b/2020/CVE-2020-12507.json new file mode 100644 index 0000000000..8050be66bd --- /dev/null +++ b/2020/CVE-2020-12507.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913206, + "name": "CVE-2020-12507", + "full_name": "Live-Hack-CVE\/CVE-2020-12507", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12507", + "description": "In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:12Z", + "updated_at": "2022-12-28T08:06:12Z", + "pushed_at": "2022-12-28T08:06:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12508.json b/2020/CVE-2020-12508.json new file mode 100644 index 0000000000..4aadc47f2e --- /dev/null +++ b/2020/CVE-2020-12508.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913273, + "name": "CVE-2020-12508", + "full_name": "Live-Hack-CVE\/CVE-2020-12508", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12508", + "description": "In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:27Z", + "updated_at": "2022-12-28T08:06:27Z", + "pushed_at": "2022-12-28T08:06:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12509.json b/2020/CVE-2020-12509.json new file mode 100644 index 0000000000..9363cdbcf5 --- /dev/null +++ b/2020/CVE-2020-12509.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982630, + "name": "CVE-2020-12509", + "full_name": "Live-Hack-CVE\/CVE-2020-12509", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12509", + "description": "In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:46Z", + "updated_at": "2022-12-28T12:18:46Z", + "pushed_at": "2022-12-28T12:18:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12672.json b/2020/CVE-2020-12672.json new file mode 100644 index 0000000000..f366beb49b --- /dev/null +++ b/2020/CVE-2020-12672.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946417, + "name": "CVE-2020-12672", + "full_name": "Live-Hack-CVE\/CVE-2020-12672", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12672", + "description": "GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders\/png.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:52Z", + "updated_at": "2022-12-28T10:07:52Z", + "pushed_at": "2022-12-28T10:07:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12762.json b/2020/CVE-2020-12762.json new file mode 100644 index 0000000000..4b7b9a48d5 --- /dev/null +++ b/2020/CVE-2020-12762.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945955, + "name": "CVE-2020-12762", + "full_name": "Live-Hack-CVE\/CVE-2020-12762", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12762", + "description": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:18Z", + "updated_at": "2022-12-28T10:06:18Z", + "pushed_at": "2022-12-28T10:06:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12783.json b/2020/CVE-2020-12783.json new file mode 100644 index 0000000000..a399bd9f6c --- /dev/null +++ b/2020/CVE-2020-12783.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935076, + "name": "CVE-2020-12783", + "full_name": "Live-Hack-CVE\/CVE-2020-12783", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12783", + "description": "Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA\/NTLM authentication bypass in auths\/spa.c and auths\/auth-spa.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:52Z", + "updated_at": "2022-12-28T09:27:52Z", + "pushed_at": "2022-12-28T09:27:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12862.json b/2020/CVE-2020-12862.json new file mode 100644 index 0000000000..38c86e84a8 --- /dev/null +++ b/2020/CVE-2020-12862.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982979, + "name": "CVE-2020-12862", + "full_name": "Live-Hack-CVE\/CVE-2020-12862", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12862", + "description": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:00Z", + "updated_at": "2022-12-28T12:20:00Z", + "pushed_at": "2022-12-28T12:20:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12863.json b/2020/CVE-2020-12863.json new file mode 100644 index 0000000000..375a069182 --- /dev/null +++ b/2020/CVE-2020-12863.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983015, + "name": "CVE-2020-12863", + "full_name": "Live-Hack-CVE\/CVE-2020-12863", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12863", + "description": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:07Z", + "updated_at": "2022-12-28T12:20:07Z", + "pushed_at": "2022-12-28T12:20:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12865.json b/2020/CVE-2020-12865.json new file mode 100644 index 0000000000..5ff085b7b8 --- /dev/null +++ b/2020/CVE-2020-12865.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983029, + "name": "CVE-2020-12865", + "full_name": "Live-Hack-CVE\/CVE-2020-12865", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12865", + "description": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:10Z", + "updated_at": "2022-12-28T12:20:10Z", + "pushed_at": "2022-12-28T12:20:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12867.json b/2020/CVE-2020-12867.json new file mode 100644 index 0000000000..8c11acb5fb --- /dev/null +++ b/2020/CVE-2020-12867.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934576, + "name": "CVE-2020-12867", + "full_name": "Live-Hack-CVE\/CVE-2020-12867", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12867", + "description": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:12Z", + "updated_at": "2022-12-28T09:26:12Z", + "pushed_at": "2022-12-28T09:26:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-12888.json b/2020/CVE-2020-12888.json new file mode 100644 index 0000000000..73edee6b1a --- /dev/null +++ b/2020/CVE-2020-12888.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945941, + "name": "CVE-2020-12888", + "full_name": "Live-Hack-CVE\/CVE-2020-12888", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-12888", + "description": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:14Z", + "updated_at": "2022-12-28T10:06:14Z", + "pushed_at": "2022-12-28T10:06:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13239.json b/2020/CVE-2020-13239.json new file mode 100644 index 0000000000..c92d26eeea --- /dev/null +++ b/2020/CVE-2020-13239.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911687, + "name": "CVE-2020-13239", + "full_name": "Live-Hack-CVE\/CVE-2020-13239", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13239", + "description": "The DMS\/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:31Z", + "updated_at": "2022-12-28T08:00:31Z", + "pushed_at": "2022-12-28T08:00:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13240.json b/2020/CVE-2020-13240.json new file mode 100644 index 0000000000..3019500a09 --- /dev/null +++ b/2020/CVE-2020-13240.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911615, + "name": "CVE-2020-13240", + "full_name": "Live-Hack-CVE\/CVE-2020-13240", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13240", + "description": "The DMS\/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:15Z", + "updated_at": "2022-12-28T08:00:15Z", + "pushed_at": "2022-12-28T08:00:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13249.json b/2020/CVE-2020-13249.json new file mode 100644 index 0000000000..f869ae7560 --- /dev/null +++ b/2020/CVE-2020-13249.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934621, + "name": "CVE-2020-13249", + "full_name": "Live-Hack-CVE\/CVE-2020-13249", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13249", + "description": "libmariadb\/mariadb_lib.c in MariaDB Connector\/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:19Z", + "updated_at": "2022-12-28T09:26:19Z", + "pushed_at": "2022-12-28T09:26:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13285.json b/2020/CVE-2020-13285.json new file mode 100644 index 0000000000..c0d9495380 --- /dev/null +++ b/2020/CVE-2020-13285.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934255, + "name": "CVE-2020-13285", + "full_name": "Live-Hack-CVE\/CVE-2020-13285", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13285", + "description": "For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:16Z", + "updated_at": "2022-12-28T09:25:16Z", + "pushed_at": "2022-12-28T09:25:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13614.json b/2020/CVE-2020-13614.json new file mode 100644 index 0000000000..23409524a8 --- /dev/null +++ b/2020/CVE-2020-13614.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945805, + "name": "CVE-2020-13614", + "full_name": "Live-Hack-CVE\/CVE-2020-13614", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13614", + "description": "An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:49Z", + "updated_at": "2022-12-28T10:05:49Z", + "pushed_at": "2022-12-28T10:05:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13659.json b/2020/CVE-2020-13659.json new file mode 100644 index 0000000000..d886597137 --- /dev/null +++ b/2020/CVE-2020-13659.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934692, + "name": "CVE-2020-13659", + "full_name": "Live-Hack-CVE\/CVE-2020-13659", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13659", + "description": "address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:34Z", + "updated_at": "2022-12-28T09:26:34Z", + "pushed_at": "2022-12-28T09:26:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13828.json b/2020/CVE-2020-13828.json new file mode 100644 index 0000000000..dfc0072314 --- /dev/null +++ b/2020/CVE-2020-13828.json @@ -0,0 +1,31 @@ +[ + { + "id": 582911727, + "name": "CVE-2020-13828", + "full_name": "Live-Hack-CVE\/CVE-2020-13828", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-13828", + "description": "Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket\/card.php?action=create with the subject, message, or address parameter; adherents\/card.php with the societe or address parameter; pr CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:00:39Z", + "updated_at": "2022-12-28T08:00:39Z", + "pushed_at": "2022-12-28T08:00:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-13942.json b/2020/CVE-2020-13942.json index c3e834b96f..8c2ec9276b 100644 --- a/2020/CVE-2020-13942.json +++ b/2020/CVE-2020-13942.json @@ -1,149 +1,4 @@ [ - { - "id": 313899657, - "name": "CVE-2020-13942", - "full_name": "lp008\/CVE-2020-13942", - "owner": { - "login": "lp008", - "id": 11436275, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11436275?v=4", - "html_url": "https:\/\/github.com\/lp008" - }, - "html_url": "https:\/\/github.com\/lp008\/CVE-2020-13942", - "description": null, - "fork": false, - "created_at": "2020-11-18T10:29:47Z", - "updated_at": "2022-10-27T09:32:41Z", - "pushed_at": "2020-11-19T01:57:11Z", - "stargazers_count": 6, - "watchers_count": 6, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 6, - "score": 0 - }, - { - "id": 314181474, - "name": "CVE-2020-13942", - "full_name": "eugenebmx\/CVE-2020-13942", - "owner": { - "login": "eugenebmx", - "id": 35716373, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35716373?v=4", - "html_url": "https:\/\/github.com\/eugenebmx" - }, - "html_url": "https:\/\/github.com\/eugenebmx\/CVE-2020-13942", - "description": "CVE-2020-13942 unauthenticated RCE POC through MVEL and OGNL injection", - "fork": false, - "created_at": "2020-11-19T08:22:17Z", - "updated_at": "2022-11-09T18:10:09Z", - "pushed_at": "2020-12-21T12:48:48Z", - "stargazers_count": 28, - "watchers_count": 28, - "has_discussions": false, - "forks_count": 12, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 12, - "watchers": 28, - "score": 0 - }, - { - "id": 314692880, - "name": "CVE-2020-13942-POC-", - "full_name": "shifa123\/CVE-2020-13942-POC-", - "owner": { - "login": "shifa123", - "id": 18241082, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18241082?v=4", - "html_url": "https:\/\/github.com\/shifa123" - }, - "html_url": "https:\/\/github.com\/shifa123\/CVE-2020-13942-POC-", - "description": "CVE-2020-13942 POC + Automation Script", - "fork": false, - "created_at": "2020-11-20T23:25:44Z", - "updated_at": "2022-11-09T18:10:11Z", - "pushed_at": "2020-11-23T10:48:34Z", - "stargazers_count": 9, - "watchers_count": 9, - "has_discussions": false, - "forks_count": 9, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 9, - "watchers": 9, - "score": 0 - }, - { - "id": 314769989, - "name": "CVE-2020-13942", - "full_name": "blackmarketer\/CVE-2020-13942", - "owner": { - "login": "blackmarketer", - "id": 48115305, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/48115305?v=4", - "html_url": "https:\/\/github.com\/blackmarketer" - }, - "html_url": "https:\/\/github.com\/blackmarketer\/CVE-2020-13942", - "description": null, - "fork": false, - "created_at": "2020-11-21T08:48:46Z", - "updated_at": "2021-01-15T02:51:15Z", - "pushed_at": "2022-10-12T16:32:58Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 4, - "score": 0 - }, - { - "id": 323504939, - "name": "Unomi-CVE-2020-13942", - "full_name": "yaunsky\/Unomi-CVE-2020-13942", - "owner": { - "login": "yaunsky", - "id": 48243087, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/48243087?v=4", - "html_url": "https:\/\/github.com\/yaunsky" - }, - "html_url": "https:\/\/github.com\/yaunsky\/Unomi-CVE-2020-13942", - "description": "CVE-2020-13942 Apache Unomi 远程代码执行漏洞脚getshell", - "fork": false, - "created_at": "2020-12-22T02:57:50Z", - "updated_at": "2020-12-22T03:30:18Z", - "pushed_at": "2020-12-22T02:58:55Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 4, - "score": 0 - }, { "id": 328714228, "name": "apche_unomi_rce", diff --git a/2020/CVE-2020-14004.json b/2020/CVE-2020-14004.json new file mode 100644 index 0000000000..2ea051b8d1 --- /dev/null +++ b/2020/CVE-2020-14004.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934592, + "name": "CVE-2020-14004", + "full_name": "Live-Hack-CVE\/CVE-2020-14004", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14004", + "description": "An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 \/run\/icinga2\/cmd. \/run\/icinga2 is under control of an unprivileged user by default. If \/run\/icinga2\/cmd is a symlink, then it will by followed and arbitrary files can be change CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:15Z", + "updated_at": "2022-12-28T09:26:15Z", + "pushed_at": "2022-12-28T09:26:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14295.json b/2020/CVE-2020-14295.json index c0b60c3c02..30fd9f0e96 100644 --- a/2020/CVE-2020-14295.json +++ b/2020/CVE-2020-14295.json @@ -56,5 +56,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582934520, + "name": "CVE-2020-14295", + "full_name": "Live-Hack-CVE\/CVE-2020-14295", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14295", + "description": "A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:00Z", + "updated_at": "2022-12-28T09:26:00Z", + "pushed_at": "2022-12-28T09:26:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-14307.json b/2020/CVE-2020-14307.json new file mode 100644 index 0000000000..8574678c60 --- /dev/null +++ b/2020/CVE-2020-14307.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980631, + "name": "CVE-2020-14307", + "full_name": "Live-Hack-CVE\/CVE-2020-14307", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14307", + "description": "A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:52Z", + "updated_at": "2022-12-28T12:11:52Z", + "pushed_at": "2022-12-28T12:11:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14330.json b/2020/CVE-2020-14330.json new file mode 100644 index 0000000000..d90b79d8f2 --- /dev/null +++ b/2020/CVE-2020-14330.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947754, + "name": "CVE-2020-14330", + "full_name": "Live-Hack-CVE\/CVE-2020-14330", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14330", + "description": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest thr CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:18Z", + "updated_at": "2022-12-28T10:12:18Z", + "pushed_at": "2022-12-28T10:12:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14334.json b/2020/CVE-2020-14334.json new file mode 100644 index 0000000000..a8d2860014 --- /dev/null +++ b/2020/CVE-2020-14334.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983002, + "name": "CVE-2020-14334", + "full_name": "Live-Hack-CVE\/CVE-2020-14334", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14334", + "description": "A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:03Z", + "updated_at": "2022-12-28T12:20:03Z", + "pushed_at": "2022-12-28T12:20:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14342.json b/2020/CVE-2020-14342.json new file mode 100644 index 0000000000..d79c33e2e9 --- /dev/null +++ b/2020/CVE-2020-14342.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933751, + "name": "CVE-2020-14342", + "full_name": "Live-Hack-CVE\/CVE-2020-14342", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14342", + "description": "It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:22Z", + "updated_at": "2022-12-28T09:23:22Z", + "pushed_at": "2022-12-28T09:23:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14346.json b/2020/CVE-2020-14346.json new file mode 100644 index 0000000000..5c9fdd8393 --- /dev/null +++ b/2020/CVE-2020-14346.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980663, + "name": "CVE-2020-14346", + "full_name": "Live-Hack-CVE\/CVE-2020-14346", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14346", + "description": "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:00Z", + "updated_at": "2022-12-28T12:12:00Z", + "pushed_at": "2022-12-28T12:12:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14356.json b/2020/CVE-2020-14356.json index 4e46456aaa..95d602f058 100644 --- a/2020/CVE-2020-14356.json +++ b/2020/CVE-2020-14356.json @@ -27,5 +27,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582890860, + "name": "CVE-2020-14356", + "full_name": "Live-Hack-CVE\/CVE-2020-14356", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14356", + "description": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:10Z", + "updated_at": "2022-12-28T06:37:10Z", + "pushed_at": "2022-12-28T06:37:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-14364.json b/2020/CVE-2020-14364.json index 40f974b3c4..e7a45697cc 100644 --- a/2020/CVE-2020-14364.json +++ b/2020/CVE-2020-14364.json @@ -56,5 +56,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582933974, + "name": "CVE-2020-14364", + "full_name": "Live-Hack-CVE\/CVE-2020-14364", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14364", + "description": "An out-of-bounds read\/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU proce CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:13Z", + "updated_at": "2022-12-28T09:24:13Z", + "pushed_at": "2022-12-28T09:24:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-14389.json b/2020/CVE-2020-14389.json new file mode 100644 index 0000000000..79e3466351 --- /dev/null +++ b/2020/CVE-2020-14389.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925233, + "name": "CVE-2020-14389", + "full_name": "Live-Hack-CVE\/CVE-2020-14389", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14389", + "description": "It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:11Z", + "updated_at": "2022-12-28T08:52:11Z", + "pushed_at": "2022-12-28T08:52:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14444.json b/2020/CVE-2020-14444.json new file mode 100644 index 0000000000..da266b4cb1 --- /dev/null +++ b/2020/CVE-2020-14444.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934442, + "name": "CVE-2020-14444", + "full_name": "Live-Hack-CVE\/CVE-2020-14444", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14444", + "description": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:45Z", + "updated_at": "2022-12-28T09:25:45Z", + "pushed_at": "2022-12-28T09:25:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14445.json b/2020/CVE-2020-14445.json new file mode 100644 index 0000000000..a79e66ea92 --- /dev/null +++ b/2020/CVE-2020-14445.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934428, + "name": "CVE-2020-14445", + "full_name": "Live-Hack-CVE\/CVE-2020-14445", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14445", + "description": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:41Z", + "updated_at": "2022-12-28T09:25:41Z", + "pushed_at": "2022-12-28T09:25:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14446.json b/2020/CVE-2020-14446.json new file mode 100644 index 0000000000..79fd2f3864 --- /dev/null +++ b/2020/CVE-2020-14446.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934534, + "name": "CVE-2020-14446", + "full_name": "Live-Hack-CVE\/CVE-2020-14446", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-14446", + "description": "An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:03Z", + "updated_at": "2022-12-28T09:26:03Z", + "pushed_at": "2022-12-28T09:26:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index 6d218870ef..a96818d41a 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -260,64 +260,6 @@ "watchers": 1, "score": 0 }, - { - "id": 311800203, - "name": "The_big_Zero", - "full_name": "JayP232\/The_big_Zero", - "owner": { - "login": "JayP232", - "id": 40582783, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40582783?v=4", - "html_url": "https:\/\/github.com\/JayP232" - }, - "html_url": "https:\/\/github.com\/JayP232\/The_big_Zero", - "description": "The following is the outcome of playing with CVE-2020-1472 and attempting to automate the process of gaining a shell on the DC", - "fork": false, - "created_at": "2020-11-10T22:29:56Z", - "updated_at": "2020-12-04T21:08:46Z", - "pushed_at": "2020-12-04T21:08:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 323842467, - "name": "CVE-2020-1472", - "full_name": "SaharAttackit\/CVE-2020-1472", - "owner": { - "login": "SaharAttackit", - "id": 76513483, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76513483?v=4", - "html_url": "https:\/\/github.com\/SaharAttackit" - }, - "html_url": "https:\/\/github.com\/SaharAttackit\/CVE-2020-1472", - "description": null, - "fork": false, - "created_at": "2020-12-23T08:12:21Z", - "updated_at": "2020-12-23T08:24:12Z", - "pushed_at": "2020-12-23T08:13:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 325937253, "name": "zerologon", diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index a7d97a43a8..3ce371f2f8 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -48,64 +48,6 @@ "watchers": 3645, "score": 0 }, - { - "id": 308184758, - "name": "-Patched-McMaster-University-Blind-Command-Injection", - "full_name": "Umarovm\/-Patched-McMaster-University-Blind-Command-Injection", - "owner": { - "login": "Umarovm", - "id": 25722145, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25722145?v=4", - "html_url": "https:\/\/github.com\/Umarovm" - }, - "html_url": "https:\/\/github.com\/Umarovm\/-Patched-McMaster-University-Blind-Command-Injection", - "description": "(patched) This targets McMaster University's website and takes advantage of CVE-2020-14882 in the outdated version of WebLogic Server (12.2.1.3.0), which is present in the university's subdomains, mosaic.mcmaster.ca and epprd.uts.mcmaster.ca.", - "fork": false, - "created_at": "2020-10-29T01:28:41Z", - "updated_at": "2020-12-04T02:16:03Z", - "pushed_at": "2020-12-04T02:16:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 308782228, - "name": "CVE-2020-14882_POC", - "full_name": "GGyao\/CVE-2020-14882_POC", - "owner": { - "login": "GGyao", - "id": 38530938, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38530938?v=4", - "html_url": "https:\/\/github.com\/GGyao" - }, - "html_url": "https:\/\/github.com\/GGyao\/CVE-2020-14882_POC", - "description": "CVE-2020-14882批量验证工具。", - "fork": false, - "created_at": "2020-10-31T01:43:54Z", - "updated_at": "2022-09-05T15:26:08Z", - "pushed_at": "2020-12-01T05:05:24Z", - "stargazers_count": 13, - "watchers_count": 13, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 13, - "score": 0 - }, { "id": 309655403, "name": "CVE-2020-14882_ALL", @@ -135,35 +77,6 @@ "watchers": 127, "score": 0 }, - { - "id": 312193698, - "name": "CVE-2020-14882-weblogicRCE", - "full_name": "corelight\/CVE-2020-14882-weblogicRCE", - "owner": { - "login": "corelight", - "id": 21672558, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/21672558?v=4", - "html_url": "https:\/\/github.com\/corelight" - }, - "html_url": "https:\/\/github.com\/corelight\/CVE-2020-14882-weblogicRCE", - "description": "Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 \/ CVE-2020-14750", - "fork": false, - "created_at": "2020-11-12T06:59:54Z", - "updated_at": "2022-07-13T18:57:55Z", - "pushed_at": "2020-12-02T21:43:52Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 7, - "score": 0 - }, { "id": 325429279, "name": "CodeTest", diff --git a/2020/CVE-2020-15002.json b/2020/CVE-2020-15002.json deleted file mode 100644 index a8f2c330e0..0000000000 --- a/2020/CVE-2020-15002.json +++ /dev/null @@ -1,60 +0,0 @@ -[ - { - "id": 321271734, - "name": "Blind-SSRF-CVE-2020-15002", - "full_name": "skr0x1c0\/Blind-SSRF-CVE-2020-15002", - "owner": { - "login": "skr0x1c0", - "id": 75971916, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75971916?v=4", - "html_url": "https:\/\/github.com\/skr0x1c0" - }, - "html_url": "https:\/\/github.com\/skr0x1c0\/Blind-SSRF-CVE-2020-15002", - "description": "https:\/\/hackerone.com\/reports\/865652", - "fork": false, - "created_at": "2020-12-14T07:48:44Z", - "updated_at": "2020-12-14T07:52:11Z", - "pushed_at": "2020-12-14T07:49:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 321272199, - "name": "SSRF-CVE-2020-15002", - "full_name": "skr0x1c0\/SSRF-CVE-2020-15002", - "owner": { - "login": "skr0x1c0", - "id": 75971916, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75971916?v=4", - "html_url": "https:\/\/github.com\/skr0x1c0" - }, - "html_url": "https:\/\/github.com\/skr0x1c0\/SSRF-CVE-2020-15002", - "description": "https:\/\/hackerone.com\/reports\/863553", - "fork": false, - "created_at": "2020-12-14T07:50:45Z", - "updated_at": "2020-12-14T07:57:57Z", - "pushed_at": "2020-12-14T07:56:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-15166.json b/2020/CVE-2020-15166.json new file mode 100644 index 0000000000..317c708931 --- /dev/null +++ b/2020/CVE-2020-15166.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933911, + "name": "CVE-2020-15166", + "full_name": "Live-Hack-CVE\/CVE-2020-15166", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15166", + "description": "In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE\/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE\/ZAP, legitimate clients will not be able to exchange any messag CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:59Z", + "updated_at": "2022-12-28T09:23:59Z", + "pushed_at": "2022-12-28T09:24:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15229.json b/2020/CVE-2020-15229.json new file mode 100644 index 0000000000..ebb0256edb --- /dev/null +++ b/2020/CVE-2020-15229.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925082, + "name": "CVE-2020-15229", + "full_name": "Live-Hack-CVE\/CVE-2020-15229", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15229", + "description": "Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite\/create any files on the host filesystem during the extraction with a crafted squashfs filesy CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:40Z", + "updated_at": "2022-12-28T08:51:40Z", + "pushed_at": "2022-12-28T08:51:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15309.json b/2020/CVE-2020-15309.json new file mode 100644 index 0000000000..e68de27dfa --- /dev/null +++ b/2020/CVE-2020-15309.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934184, + "name": "CVE-2020-15309", + "full_name": "Live-Hack-CVE\/CVE-2020-15309", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15309", + "description": "An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a p CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:57Z", + "updated_at": "2022-12-28T09:24:57Z", + "pushed_at": "2022-12-28T09:25:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15395.json b/2020/CVE-2020-15395.json new file mode 100644 index 0000000000..cb62c0eb48 --- /dev/null +++ b/2020/CVE-2020-15395.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934558, + "name": "CVE-2020-15395", + "full_name": "Live-Hack-CVE\/CVE-2020-15395", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15395", + "description": "In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple\/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:07Z", + "updated_at": "2022-12-28T09:26:07Z", + "pushed_at": "2022-12-28T09:26:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15500.json b/2020/CVE-2020-15500.json new file mode 100644 index 0000000000..fedf599910 --- /dev/null +++ b/2020/CVE-2020-15500.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959518, + "name": "CVE-2020-15500", + "full_name": "Live-Hack-CVE\/CVE-2020-15500", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15500", + "description": "An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:13Z", + "updated_at": "2022-12-28T10:55:13Z", + "pushed_at": "2022-12-28T10:55:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15676.json b/2020/CVE-2020-15676.json new file mode 100644 index 0000000000..b19cfbda05 --- /dev/null +++ b/2020/CVE-2020-15676.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925515, + "name": "CVE-2020-15676", + "full_name": "Live-Hack-CVE\/CVE-2020-15676", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15676", + "description": "Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:53:10Z", + "updated_at": "2022-12-28T08:53:10Z", + "pushed_at": "2022-12-28T08:53:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15677.json b/2020/CVE-2020-15677.json new file mode 100644 index 0000000000..72b9477163 --- /dev/null +++ b/2020/CVE-2020-15677.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925431, + "name": "CVE-2020-15677", + "full_name": "Live-Hack-CVE\/CVE-2020-15677", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15677", + "description": "By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:51Z", + "updated_at": "2022-12-28T08:52:51Z", + "pushed_at": "2022-12-28T08:52:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15678.json b/2020/CVE-2020-15678.json new file mode 100644 index 0000000000..a969f5ffcd --- /dev/null +++ b/2020/CVE-2020-15678.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925113, + "name": "CVE-2020-15678", + "full_name": "Live-Hack-CVE\/CVE-2020-15678", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15678", + "description": "When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:47Z", + "updated_at": "2022-12-28T08:51:47Z", + "pushed_at": "2022-12-28T08:51:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15706.json b/2020/CVE-2020-15706.json new file mode 100644 index 0000000000..815121d679 --- /dev/null +++ b/2020/CVE-2020-15706.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934403, + "name": "CVE-2020-15706", + "full_name": "Live-Hack-CVE\/CVE-2020-15706", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15706", + "description": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prio CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:38Z", + "updated_at": "2022-12-28T09:25:38Z", + "pushed_at": "2022-12-28T09:25:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15802.json b/2020/CVE-2020-15802.json index cdb1e38ad9..4bf2561a6e 100644 --- a/2020/CVE-2020-15802.json +++ b/2020/CVE-2020-15802.json @@ -32,5 +32,34 @@ "forks": 3, "watchers": 6, "score": 0 + }, + { + "id": 582925410, + "name": "CVE-2020-15802", + "full_name": "Live-Hack-CVE\/CVE-2020-15802", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15802", + "description": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR\/EDR, and replace a bonding already established on the opp CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:48Z", + "updated_at": "2022-12-28T08:52:48Z", + "pushed_at": "2022-12-28T08:52:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-15902.json b/2020/CVE-2020-15902.json new file mode 100644 index 0000000000..7460d1931c --- /dev/null +++ b/2020/CVE-2020-15902.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934506, + "name": "CVE-2020-15902", + "full_name": "Live-Hack-CVE\/CVE-2020-15902", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15902", + "description": "Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:56Z", + "updated_at": "2022-12-28T09:25:56Z", + "pushed_at": "2022-12-28T09:25:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15917.json b/2020/CVE-2020-15917.json new file mode 100644 index 0000000000..d0d56542a6 --- /dev/null +++ b/2020/CVE-2020-15917.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934485, + "name": "CVE-2020-15917", + "full_name": "Live-Hack-CVE\/CVE-2020-15917", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-15917", + "description": "common\/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:52Z", + "updated_at": "2022-12-28T09:25:52Z", + "pushed_at": "2022-12-28T09:25:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-16947.json b/2020/CVE-2020-16947.json index a319e59ce3..73e57dd9e2 100644 --- a/2020/CVE-2020-16947.json +++ b/2020/CVE-2020-16947.json @@ -1,33 +1,4 @@ [ - { - "id": 314771487, - "name": "CVE-2020-16947", - "full_name": "MasterSploit\/CVE-2020-16947", - "owner": { - "login": "MasterSploit", - "id": 74764997, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74764997?v=4", - "html_url": "https:\/\/github.com\/MasterSploit" - }, - "html_url": "https:\/\/github.com\/MasterSploit\/CVE-2020-16947", - "description": "Outlook 2019 Remote Command Execution", - "fork": false, - "created_at": "2020-11-21T08:58:32Z", - "updated_at": "2020-11-25T16:33:09Z", - "pushed_at": "2020-11-21T09:09:45Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, { "id": 582881983, "name": "CVE-2020-16947", diff --git a/2020/CVE-2020-17008.json b/2020/CVE-2020-17008.json deleted file mode 100644 index 00421d94d2..0000000000 --- a/2020/CVE-2020-17008.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 324061019, - "name": "CVE-2020-17008", - "full_name": "jas502n\/CVE-2020-17008", - "owner": { - "login": "jas502n", - "id": 16593068, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", - "html_url": "https:\/\/github.com\/jas502n" - }, - "html_url": "https:\/\/github.com\/jas502n\/CVE-2020-17008", - "description": "CVE-2020-17008 splWOW64 Elevation of Privilege", - "fork": false, - "created_at": "2020-12-24T04:00:29Z", - "updated_at": "2022-06-16T11:46:06Z", - "pushed_at": "2020-12-24T06:02:53Z", - "stargazers_count": 51, - "watchers_count": 51, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 51, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-17057.json b/2020/CVE-2020-17057.json index 3683c5c46b..3f489e03c0 100644 --- a/2020/CVE-2020-17057.json +++ b/2020/CVE-2020-17057.json @@ -1,33 +1,4 @@ [ - { - "id": 323866440, - "name": "cve-2020-17057", - "full_name": "ze0r\/cve-2020-17057", - "owner": { - "login": "ze0r", - "id": 43227253, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43227253?v=4", - "html_url": "https:\/\/github.com\/ze0r" - }, - "html_url": "https:\/\/github.com\/ze0r\/cve-2020-17057", - "description": "cve-2020-17057 poc", - "fork": false, - "created_at": "2020-12-23T10:02:47Z", - "updated_at": "2022-11-09T18:10:33Z", - "pushed_at": "2020-12-23T10:08:16Z", - "stargazers_count": 29, - "watchers_count": 29, - "has_discussions": false, - "forks_count": 9, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 9, - "watchers": 29, - "score": 0 - }, { "id": 341907101, "name": "CVE-2020-17057", diff --git a/2020/CVE-2020-1706.json b/2020/CVE-2020-1706.json new file mode 100644 index 0000000000..c371d00e92 --- /dev/null +++ b/2020/CVE-2020-1706.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983545, + "name": "CVE-2020-1706", + "full_name": "Live-Hack-CVE\/CVE-2020-1706", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-1706", + "description": "It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of \/etc\/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify \/etc\/passwd to a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:52Z", + "updated_at": "2022-12-28T12:21:52Z", + "pushed_at": "2022-12-28T12:21:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-1707.json b/2020/CVE-2020-1707.json new file mode 100644 index 0000000000..68b3dadd68 --- /dev/null +++ b/2020/CVE-2020-1707.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983522, + "name": "CVE-2020-1707", + "full_name": "Live-Hack-CVE\/CVE-2020-1707", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-1707", + "description": "A vulnerability was found in all openshift\/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the \/etc\/passwd file was found in the container openshift\/postgresql-apb. An attacker with access to the container could use this flaw to modify \/etc\/passwd and escalate their privile CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:48Z", + "updated_at": "2022-12-28T12:21:48Z", + "pushed_at": "2022-12-28T12:21:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-17087.json b/2020/CVE-2020-17087.json index 9058edbcb4..23af6eb99d 100644 --- a/2020/CVE-2020-17087.json +++ b/2020/CVE-2020-17087.json @@ -1,33 +1,4 @@ [ - { - "id": 316112234, - "name": "CVE-2020-17087", - "full_name": "revengsh\/CVE-2020-17087", - "owner": { - "login": "revengsh", - "id": 49122088, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49122088?v=4", - "html_url": "https:\/\/github.com\/revengsh" - }, - "html_url": "https:\/\/github.com\/revengsh\/CVE-2020-17087", - "description": "A CVE-2020-17087 PoC.", - "fork": false, - "created_at": "2020-11-26T03:21:34Z", - "updated_at": "2022-06-13T22:21:30Z", - "pushed_at": "2020-11-26T04:21:20Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 3, - "score": 0 - }, { "id": 371444911, "name": "OHTS_IE6052-CVE-2020-17087", diff --git a/2020/CVE-2020-1709.json b/2020/CVE-2020-1709.json new file mode 100644 index 0000000000..a3ef565126 --- /dev/null +++ b/2020/CVE-2020-1709.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983483, + "name": "CVE-2020-1709", + "full_name": "Live-Hack-CVE\/CVE-2020-1709", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-1709", + "description": "A vulnerability was found in all openshift\/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the \/etc\/passwd file was found in the openshift\/mediawiki. An attacker with access to the container could use this flaw to modify \/etc\/passwd and escalate their privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:41Z", + "updated_at": "2022-12-28T12:21:41Z", + "pushed_at": "2022-12-28T12:21:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-17144.json b/2020/CVE-2020-17144.json deleted file mode 100644 index 81a8cb58e1..0000000000 --- a/2020/CVE-2020-17144.json +++ /dev/null @@ -1,60 +0,0 @@ -[ - { - "id": 319921170, - "name": "CVE-2020-17144-EXP", - "full_name": "Airboi\/CVE-2020-17144-EXP", - "owner": { - "login": "Airboi", - "id": 28615434, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28615434?v=4", - "html_url": "https:\/\/github.com\/Airboi" - }, - "html_url": "https:\/\/github.com\/Airboi\/CVE-2020-17144-EXP", - "description": "Exchange2010 authorized RCE", - "fork": false, - "created_at": "2020-12-09T10:30:16Z", - "updated_at": "2022-11-09T18:10:24Z", - "pushed_at": "2020-12-24T08:11:51Z", - "stargazers_count": 153, - "watchers_count": 153, - "has_discussions": false, - "forks_count": 43, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 43, - "watchers": 153, - "score": 0 - }, - { - "id": 320077749, - "name": "CVE-2020-17144", - "full_name": "zcgonvh\/CVE-2020-17144", - "owner": { - "login": "zcgonvh", - "id": 25787677, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25787677?v=4", - "html_url": "https:\/\/github.com\/zcgonvh" - }, - "html_url": "https:\/\/github.com\/zcgonvh\/CVE-2020-17144", - "description": "weaponized tool for CVE-2020-17144", - "fork": false, - "created_at": "2020-12-09T20:57:16Z", - "updated_at": "2022-12-15T15:09:10Z", - "pushed_at": "2020-12-09T20:57:32Z", - "stargazers_count": 148, - "watchers_count": 148, - "has_discussions": false, - "forks_count": 28, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 28, - "watchers": 148, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-1730.json b/2020/CVE-2020-1730.json new file mode 100644 index 0000000000..b16e45f453 --- /dev/null +++ b/2020/CVE-2020-1730.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980607, + "name": "CVE-2020-1730", + "full_name": "Live-Hack-CVE\/CVE-2020-1730", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-1730", + "description": "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:48Z", + "updated_at": "2022-12-28T12:11:48Z", + "pushed_at": "2022-12-28T12:11:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-17373.json b/2020/CVE-2020-17373.json new file mode 100644 index 0000000000..e9375aceaf --- /dev/null +++ b/2020/CVE-2020-17373.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934341, + "name": "CVE-2020-17373", + "full_name": "Live-Hack-CVE\/CVE-2020-17373", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-17373", + "description": "SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:31Z", + "updated_at": "2022-12-28T09:25:31Z", + "pushed_at": "2022-12-28T09:25:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-1744.json b/2020/CVE-2020-1744.json new file mode 100644 index 0000000000..a4ee40458d --- /dev/null +++ b/2020/CVE-2020-1744.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935169, + "name": "CVE-2020-1744", + "full_name": "Live-Hack-CVE\/CVE-2020-1744", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-1744", + "description": "A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:07Z", + "updated_at": "2022-12-28T09:28:07Z", + "pushed_at": "2022-12-28T09:28:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-17530.json b/2020/CVE-2020-17530.json index cd89eca54e..678edca490 100644 --- a/2020/CVE-2020-17530.json +++ b/2020/CVE-2020-17530.json @@ -1,152 +1,4 @@ [ - { - "id": 319912115, - "name": "CVE-2020-17530", - "full_name": "ka1n4t\/CVE-2020-17530", - "owner": { - "login": "ka1n4t", - "id": 22983012, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22983012?v=4", - "html_url": "https:\/\/github.com\/ka1n4t" - }, - "html_url": "https:\/\/github.com\/ka1n4t\/CVE-2020-17530", - "description": null, - "fork": false, - "created_at": "2020-12-09T09:53:08Z", - "updated_at": "2022-04-15T01:43:32Z", - "pushed_at": "2020-12-09T09:57:45Z", - "stargazers_count": 64, - "watchers_count": 64, - "has_discussions": false, - "forks_count": 15, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 15, - "watchers": 64, - "score": 0 - }, - { - "id": 320346242, - "name": "CVE-2020-17530", - "full_name": "wuzuowei\/CVE-2020-17530", - "owner": { - "login": "wuzuowei", - "id": 26717790, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26717790?v=4", - "html_url": "https:\/\/github.com\/wuzuowei" - }, - "html_url": "https:\/\/github.com\/wuzuowei\/CVE-2020-17530", - "description": "S2-061 的payload,以及对应简单的PoC\/Exp", - "fork": false, - "created_at": "2020-12-10T17:42:37Z", - "updated_at": "2022-10-20T16:05:36Z", - "pushed_at": "2020-12-18T00:57:50Z", - "stargazers_count": 46, - "watchers_count": 46, - "has_discussions": false, - "forks_count": 26, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 26, - "watchers": 46, - "score": 0 - }, - { - "id": 321044044, - "name": "CVE-2020-17530", - "full_name": "Al1ex\/CVE-2020-17530", - "owner": { - "login": "Al1ex", - "id": 38161463, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38161463?v=4", - "html_url": "https:\/\/github.com\/Al1ex" - }, - "html_url": "https:\/\/github.com\/Al1ex\/CVE-2020-17530", - "description": "S2-061 CVE-2020-17530", - "fork": false, - "created_at": "2020-12-13T11:02:15Z", - "updated_at": "2022-11-23T07:20:29Z", - "pushed_at": "2020-12-22T15:27:51Z", - "stargazers_count": 30, - "watchers_count": 30, - "has_discussions": false, - "forks_count": 10, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2020-17530", - "s2-061" - ], - "visibility": "public", - "forks": 10, - "watchers": 30, - "score": 0 - }, - { - "id": 321259848, - "name": "CVE-2020-17530-strust2-061", - "full_name": "fengziHK\/CVE-2020-17530-strust2-061", - "owner": { - "login": "fengziHK", - "id": 26290583, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26290583?v=4", - "html_url": "https:\/\/github.com\/fengziHK" - }, - "html_url": "https:\/\/github.com\/fengziHK\/CVE-2020-17530-strust2-061", - "description": "CVE-2020-17530-strust2-061", - "fork": false, - "created_at": "2020-12-14T06:54:57Z", - "updated_at": "2021-03-12T23:53:51Z", - "pushed_at": "2020-12-14T06:57:07Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 5, - "score": 0 - }, - { - "id": 322516511, - "name": "freemarker_RCE_struts2_s2-061", - "full_name": "ludy-dev\/freemarker_RCE_struts2_s2-061", - "owner": { - "login": "ludy-dev", - "id": 70466565, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/70466565?v=4", - "html_url": "https:\/\/github.com\/ludy-dev" - }, - "html_url": "https:\/\/github.com\/ludy-dev\/freemarker_RCE_struts2_s2-061", - "description": "(cve-2020-17530) struts2_s2-061 freemarker_RCE testscript", - "fork": false, - "created_at": "2020-12-18T07:03:57Z", - "updated_at": "2020-12-18T07:05:31Z", - "pushed_at": "2020-12-18T07:05:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 0, - "score": 0 - }, { "id": 325608497, "name": "CVE-2020-17530", diff --git a/2020/CVE-2020-17531.json b/2020/CVE-2020-17531.json index 4b6b2d7b6e..68d1fb7a2e 100644 --- a/2020/CVE-2020-17531.json +++ b/2020/CVE-2020-17531.json @@ -1,33 +1,4 @@ [ - { - "id": 319884337, - "name": "CVE-2020-17531", - "full_name": "154802388\/CVE-2020-17531", - "owner": { - "login": "154802388", - "id": 44390729, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44390729?v=4", - "html_url": "https:\/\/github.com\/154802388" - }, - "html_url": "https:\/\/github.com\/154802388\/CVE-2020-17531", - "description": "Apache Struts2框架是一个用于开发Java EE网络应用程序的Web框架。Apache Struts于2020年12月08日披露 S2-061 Struts 远程代码执行漏洞(CVE-2020-17530),在使用某些tag等情况下可能存在OGNL表达式注入漏洞,从而造成远程代码执行,风险极大。提醒我校Apache Struts用户尽快采取安全措施阻止漏洞攻击。", - "fork": false, - "created_at": "2020-12-09T08:01:10Z", - "updated_at": "2020-12-24T03:29:48Z", - "pushed_at": "2020-12-09T03:10:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 - }, { "id": 582810602, "name": "CVE-2022-46366", diff --git a/2020/CVE-2020-17533.json b/2020/CVE-2020-17533.json deleted file mode 100644 index 74f2f14b66..0000000000 --- a/2020/CVE-2020-17533.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 319951353, - "name": "CVE-2020-17533", - "full_name": "pazeray\/CVE-2020-17533", - "owner": { - "login": "pazeray", - "id": 75724257, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75724257?v=4", - "html_url": "https:\/\/github.com\/pazeray" - }, - "html_url": "https:\/\/github.com\/pazeray\/CVE-2020-17533", - "description": null, - "fork": false, - "created_at": "2020-12-09T12:34:54Z", - "updated_at": "2021-09-09T13:27:49Z", - "pushed_at": "2020-12-09T00:42:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-1938.json b/2020/CVE-2020-1938.json index 790131caa5..e66c89be46 100644 --- a/2020/CVE-2020-1938.json +++ b/2020/CVE-2020-1938.json @@ -71,19 +71,19 @@ "description": "CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc", "fork": false, "created_at": "2020-02-20T17:57:54Z", - "updated_at": "2022-11-30T04:45:27Z", + "updated_at": "2022-12-28T08:34:31Z", "pushed_at": "2020-02-23T17:06:06Z", - "stargazers_count": 102, - "watchers_count": 102, + "stargazers_count": 103, + "watchers_count": 103, "has_discussions": false, - "forks_count": 70, + "forks_count": 71, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 70, - "watchers": 102, + "forks": 71, + "watchers": 103, "score": 0 }, { diff --git a/2020/CVE-2020-1971.json b/2020/CVE-2020-1971.json deleted file mode 100644 index 67d5d9b623..0000000000 --- a/2020/CVE-2020-1971.json +++ /dev/null @@ -1,38 +0,0 @@ -[ - { - "id": 320084650, - "name": "CVE-2020-1971", - "full_name": "MBHudson\/CVE-2020-1971", - "owner": { - "login": "MBHudson", - "id": 59308634, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/59308634?v=4", - "html_url": "https:\/\/github.com\/MBHudson" - }, - "html_url": "https:\/\/github.com\/MBHudson\/CVE-2020-1971", - "description": "CVE-2020-1971 Auto Scan & Remote Exploit Script. Auto Local Scan & Patch Script.", - "fork": false, - "created_at": "2020-12-09T21:32:15Z", - "updated_at": "2022-11-01T14:38:15Z", - "pushed_at": "2020-12-10T02:27:02Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2020-1971", - "exploit", - "fix", - "hack", - "opensll", - "patch" - ], - "visibility": "public", - "forks": 2, - "watchers": 7, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-19716.json b/2020/CVE-2020-19716.json new file mode 100644 index 0000000000..1849224c7e --- /dev/null +++ b/2020/CVE-2020-19716.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957461, + "name": "CVE-2020-19716", + "full_name": "Live-Hack-CVE\/CVE-2020-19716", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-19716", + "description": "A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:36Z", + "updated_at": "2022-12-28T10:47:36Z", + "pushed_at": "2022-12-28T10:47:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-2026.json b/2020/CVE-2020-2026.json new file mode 100644 index 0000000000..4c18acfaff --- /dev/null +++ b/2020/CVE-2020-2026.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934648, + "name": "CVE-2020-2026", + "full_name": "Live-Hack-CVE\/CVE-2020-2026", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-2026", + "description": "A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 vers CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:26Z", + "updated_at": "2022-12-28T09:26:26Z", + "pushed_at": "2022-12-28T09:26:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-2091.json b/2020/CVE-2020-2091.json new file mode 100644 index 0000000000..d6df8f407f --- /dev/null +++ b/2020/CVE-2020-2091.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983203, + "name": "CVE-2020-2091", + "full_name": "Live-Hack-CVE\/CVE-2020-2091", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-2091", + "description": "A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall\/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:47Z", + "updated_at": "2022-12-28T12:20:47Z", + "pushed_at": "2022-12-28T12:20:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-21675.json b/2020/CVE-2020-21675.json new file mode 100644 index 0000000000..d2511e0c0d --- /dev/null +++ b/2020/CVE-2020-21675.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971145, + "name": "CVE-2020-21675", + "full_name": "Live-Hack-CVE\/CVE-2020-21675", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-21675", + "description": "A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:45Z", + "updated_at": "2022-12-28T11:37:46Z", + "pushed_at": "2022-12-28T11:37:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-24186.json b/2020/CVE-2020-24186.json index cca3fa3344..cca00d3ef6 100644 --- a/2020/CVE-2020-24186.json +++ b/2020/CVE-2020-24186.json @@ -18,13 +18,13 @@ "stargazers_count": 11, "watchers_count": 11, "has_discussions": false, - "forks_count": 5, + "forks_count": 6, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 5, + "forks": 6, "watchers": 11, "score": 0 }, diff --git a/2020/CVE-2020-24223.json b/2020/CVE-2020-24223.json new file mode 100644 index 0000000000..63ddc871a8 --- /dev/null +++ b/2020/CVE-2020-24223.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982847, + "name": "CVE-2020-24223", + "full_name": "Live-Hack-CVE\/CVE-2020-24223", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-24223", + "description": "Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:33Z", + "updated_at": "2022-12-28T12:19:33Z", + "pushed_at": "2022-12-28T12:19:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-24227.json b/2020/CVE-2020-24227.json deleted file mode 100644 index 249a5539f0..0000000000 --- a/2020/CVE-2020-24227.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 314812045, - "name": "CVE-2020-24227", - "full_name": "nathunandwani\/CVE-2020-24227", - "owner": { - "login": "nathunandwani", - "id": 11877783, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11877783?v=4", - "html_url": "https:\/\/github.com\/nathunandwani" - }, - "html_url": "https:\/\/github.com\/nathunandwani\/CVE-2020-24227", - "description": "Playground Sessions - Storing User Credentials in Plaintext", - "fork": false, - "created_at": "2020-11-21T12:55:42Z", - "updated_at": "2021-11-16T03:17:17Z", - "pushed_at": "2020-11-21T13:18:01Z", - "stargazers_count": 9, - "watchers_count": 9, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 9, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-24332.json b/2020/CVE-2020-24332.json new file mode 100644 index 0000000000..9cab193edc --- /dev/null +++ b/2020/CVE-2020-24332.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890848, + "name": "CVE-2020-24332", + "full_name": "Live-Hack-CVE\/CVE-2020-24332", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-24332", + "description": "An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:06Z", + "updated_at": "2022-12-28T06:37:06Z", + "pushed_at": "2022-12-28T06:37:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-24373.json b/2020/CVE-2020-24373.json new file mode 100644 index 0000000000..fa2210a52c --- /dev/null +++ b/2020/CVE-2020-24373.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933898, + "name": "CVE-2020-24373", + "full_name": "Live-Hack-CVE\/CVE-2020-24373", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-24373", + "description": "A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:55Z", + "updated_at": "2022-12-28T09:23:56Z", + "pushed_at": "2022-12-28T09:23:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-24374.json b/2020/CVE-2020-24374.json new file mode 100644 index 0000000000..32084140d8 --- /dev/null +++ b/2020/CVE-2020-24374.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934149, + "name": "CVE-2020-24374", + "full_name": "Live-Hack-CVE\/CVE-2020-24374", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-24374", + "description": "A DNS rebinding vulnerability in Freebox v5 before 1.5.29. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:51Z", + "updated_at": "2022-12-28T09:24:51Z", + "pushed_at": "2022-12-28T09:24:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-24377.json b/2020/CVE-2020-24377.json new file mode 100644 index 0000000000..625d05ec1b --- /dev/null +++ b/2020/CVE-2020-24377.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933957, + "name": "CVE-2020-24377", + "full_name": "Live-Hack-CVE\/CVE-2020-24377", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-24377", + "description": "A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:10Z", + "updated_at": "2022-12-28T09:24:10Z", + "pushed_at": "2022-12-28T09:24:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-25015.json b/2020/CVE-2020-25015.json new file mode 100644 index 0000000000..dc61bf3bab --- /dev/null +++ b/2020/CVE-2020-25015.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933871, + "name": "CVE-2020-25015", + "full_name": "Live-Hack-CVE\/CVE-2020-25015", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-25015", + "description": "A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:49Z", + "updated_at": "2022-12-28T09:23:49Z", + "pushed_at": "2022-12-28T09:23:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-25211.json b/2020/CVE-2020-25211.json new file mode 100644 index 0000000000..03964a1a23 --- /dev/null +++ b/2020/CVE-2020-25211.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933767, + "name": "CVE-2020-25211", + "full_name": "Live-Hack-CVE\/CVE-2020-25211", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-25211", + "description": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net\/netfilter\/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:26Z", + "updated_at": "2022-12-28T09:23:26Z", + "pushed_at": "2022-12-28T09:23:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-25265.json b/2020/CVE-2020-25265.json deleted file mode 100644 index 5e241b9d49..0000000000 --- a/2020/CVE-2020-25265.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 296434593, - "name": "CVE-2020-25265-25266", - "full_name": "refi64\/CVE-2020-25265-25266", - "owner": { - "login": "refi64", - "id": 1690697, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1690697?v=4", - "html_url": "https:\/\/github.com\/refi64" - }, - "html_url": "https:\/\/github.com\/refi64\/CVE-2020-25265-25266", - "description": null, - "fork": false, - "created_at": "2020-09-17T20:25:02Z", - "updated_at": "2020-12-08T02:57:29Z", - "pushed_at": "2020-12-08T02:57:27Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-25637.json b/2020/CVE-2020-25637.json deleted file mode 100644 index 79a5e156d6..0000000000 --- a/2020/CVE-2020-25637.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 318489452, - "name": "CVE-2020-25637-libvirt-double-free", - "full_name": "brahmiboudjema\/CVE-2020-25637-libvirt-double-free", - "owner": { - "login": "brahmiboudjema", - "id": 47785164, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/47785164?v=4", - "html_url": "https:\/\/github.com\/brahmiboudjema" - }, - "html_url": "https:\/\/github.com\/brahmiboudjema\/CVE-2020-25637-libvirt-double-free", - "description": "Double Free", - "fork": false, - "created_at": "2020-12-04T11:01:29Z", - "updated_at": "2020-12-11T17:27:10Z", - "pushed_at": "2020-12-11T17:27:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-25662.json b/2020/CVE-2020-25662.json new file mode 100644 index 0000000000..f0b2168c3c --- /dev/null +++ b/2020/CVE-2020-25662.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924786, + "name": "CVE-2020-25662", + "full_name": "Live-Hack-CVE\/CVE-2020-25662", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-25662", + "description": "A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending spec CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:35Z", + "updated_at": "2022-12-28T08:50:35Z", + "pushed_at": "2022-12-28T08:50:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-25711.json b/2020/CVE-2020-25711.json new file mode 100644 index 0000000000..89f2b1b2ac --- /dev/null +++ b/2020/CVE-2020-25711.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959409, + "name": "CVE-2020-25711", + "full_name": "Live-Hack-CVE\/CVE-2020-25711", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-25711", + "description": "A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:49Z", + "updated_at": "2022-12-28T10:54:49Z", + "pushed_at": "2022-12-28T10:54:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-25790.json b/2020/CVE-2020-25790.json index 4733f86a52..f9ed1d2f9d 100644 --- a/2020/CVE-2020-25790.json +++ b/2020/CVE-2020-25790.json @@ -27,5 +27,34 @@ "forks": 0, "watchers": 4, "score": 0 + }, + { + "id": 582933727, + "name": "CVE-2020-25790", + "full_name": "Live-Hack-CVE\/CVE-2020-25790", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-25790", + "description": "** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because \"admins are considered trustworthy\"; however, the behavior \"contradicts our security policy\" and is being fixed for CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:15Z", + "updated_at": "2022-12-28T09:23:15Z", + "pushed_at": "2022-12-28T09:23:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-26117.json b/2020/CVE-2020-26117.json new file mode 100644 index 0000000000..b613e61b83 --- /dev/null +++ b/2020/CVE-2020-26117.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933881, + "name": "CVE-2020-26117", + "full_name": "Live-Hack-CVE\/CVE-2020-26117", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-26117", + "description": "In rfb\/CSecurityTLS.cxx and rfb\/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:52Z", + "updated_at": "2022-12-28T09:23:52Z", + "pushed_at": "2022-12-28T09:23:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-26217.json b/2020/CVE-2020-26217.json index c3c191bf4a..727557c9dc 100644 --- a/2020/CVE-2020-26217.json +++ b/2020/CVE-2020-26217.json @@ -1,33 +1,4 @@ [ - { - "id": 319567021, - "name": "CVE-2020-26217-XStream-RCE-POC", - "full_name": "novysodope\/CVE-2020-26217-XStream-RCE-POC", - "owner": { - "login": "novysodope", - "id": 45167857, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45167857?v=4", - "html_url": "https:\/\/github.com\/novysodope" - }, - "html_url": "https:\/\/github.com\/novysodope\/CVE-2020-26217-XStream-RCE-POC", - "description": "CVE-2020-26217 XStream RCE POC", - "fork": false, - "created_at": "2020-12-08T07:58:41Z", - "updated_at": "2022-06-08T03:10:21Z", - "pushed_at": "2020-12-08T08:02:40Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 4, - "score": 0 - }, { "id": 331904602, "name": "CVE-2020-26217", diff --git a/2020/CVE-2020-26259.json b/2020/CVE-2020-26259.json index 3fa5bc1a77..240f9c9c2b 100644 --- a/2020/CVE-2020-26259.json +++ b/2020/CVE-2020-26259.json @@ -1,33 +1,4 @@ [ - { - "id": 321122801, - "name": "CVE-2020-26259", - "full_name": "jas502n\/CVE-2020-26259", - "owner": { - "login": "jas502n", - "id": 16593068, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", - "html_url": "https:\/\/github.com\/jas502n" - }, - "html_url": "https:\/\/github.com\/jas502n\/CVE-2020-26259", - "description": "CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.", - "fork": false, - "created_at": "2020-12-13T17:39:11Z", - "updated_at": "2022-01-03T08:14:12Z", - "pushed_at": "2020-12-13T19:12:34Z", - "stargazers_count": 27, - "watchers_count": 27, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 27, - "score": 0 - }, { "id": 331896682, "name": "CVE-2020-26259", diff --git a/2020/CVE-2020-26558.json b/2020/CVE-2020-26558.json new file mode 100644 index 0000000000..77c85a0db7 --- /dev/null +++ b/2020/CVE-2020-26558.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924751, + "name": "CVE-2020-26558", + "full_name": "Live-Hack-CVE\/CVE-2020-26558", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-26558", + "description": "Bluetooth LE and BR\/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentiall CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:28Z", + "updated_at": "2022-12-28T08:50:28Z", + "pushed_at": "2022-12-28T08:50:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-26880.json b/2020/CVE-2020-26880.json new file mode 100644 index 0000000000..fde9a58e67 --- /dev/null +++ b/2020/CVE-2020-26880.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933841, + "name": "CVE-2020-26880", + "full_name": "Live-Hack-CVE\/CVE-2020-26880", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-26880", + "description": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:42Z", + "updated_at": "2022-12-28T09:23:42Z", + "pushed_at": "2022-12-28T09:23:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-26932.json b/2020/CVE-2020-26932.json new file mode 100644 index 0000000000..d01c91b746 --- /dev/null +++ b/2020/CVE-2020-26932.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982241, + "name": "CVE-2020-26932", + "full_name": "Live-Hack-CVE\/CVE-2020-26932", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-26932", + "description": "debian\/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:26Z", + "updated_at": "2022-12-28T12:17:26Z", + "pushed_at": "2022-12-28T12:17:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27190.json b/2020/CVE-2020-27190.json deleted file mode 100644 index 6bbb050da1..0000000000 --- a/2020/CVE-2020-27190.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 321257850, - "name": "x-CVE-2020-27190", - "full_name": "qlh831\/x-CVE-2020-27190", - "owner": { - "login": "qlh831", - "id": 73090087, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73090087?v=4", - "html_url": "https:\/\/github.com\/qlh831" - }, - "html_url": "https:\/\/github.com\/qlh831\/x-CVE-2020-27190", - "description": null, - "fork": false, - "created_at": "2020-12-14T06:44:37Z", - "updated_at": "2020-12-14T06:44:57Z", - "pushed_at": "2020-12-14T06:44:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-27652.json b/2020/CVE-2020-27652.json new file mode 100644 index 0000000000..defb021d0d --- /dev/null +++ b/2020/CVE-2020-27652.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925367, + "name": "CVE-2020-27652", + "full_name": "Live-Hack-CVE\/CVE-2020-27652", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-27652", + "description": "Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:37Z", + "updated_at": "2022-12-28T08:52:37Z", + "pushed_at": "2022-12-28T08:52:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27653.json b/2020/CVE-2020-27653.json new file mode 100644 index 0000000000..0b53a334c5 --- /dev/null +++ b/2020/CVE-2020-27653.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925062, + "name": "CVE-2020-27653", + "full_name": "Live-Hack-CVE\/CVE-2020-27653", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-27653", + "description": "Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:36Z", + "updated_at": "2022-12-28T08:51:36Z", + "pushed_at": "2022-12-28T08:51:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27654.json b/2020/CVE-2020-27654.json new file mode 100644 index 0000000000..934195f821 --- /dev/null +++ b/2020/CVE-2020-27654.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925052, + "name": "CVE-2020-27654", + "full_name": "Live-Hack-CVE\/CVE-2020-27654", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-27654", + "description": "Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786\/tcp or (2) 7787\/tcp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:33Z", + "updated_at": "2022-12-28T08:51:33Z", + "pushed_at": "2022-12-28T08:51:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27655.json b/2020/CVE-2020-27655.json new file mode 100644 index 0000000000..94f07e7973 --- /dev/null +++ b/2020/CVE-2020-27655.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925385, + "name": "CVE-2020-27655", + "full_name": "Live-Hack-CVE\/CVE-2020-27655", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-27655", + "description": "Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:41Z", + "updated_at": "2022-12-28T08:52:41Z", + "pushed_at": "2022-12-28T08:52:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27751.json b/2020/CVE-2020-27751.json new file mode 100644 index 0000000000..cff008f759 --- /dev/null +++ b/2020/CVE-2020-27751.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924774, + "name": "CVE-2020-27751", + "full_name": "Live-Hack-CVE\/CVE-2020-27751", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-27751", + "description": "A flaw was found in ImageMagick in MagickCore\/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most lik CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:32Z", + "updated_at": "2022-12-28T08:50:32Z", + "pushed_at": "2022-12-28T08:50:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-27935.json b/2020/CVE-2020-27935.json deleted file mode 100644 index fcc11075ef..0000000000 --- a/2020/CVE-2020-27935.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 322620609, - "name": "SnatchBox", - "full_name": "LIJI32\/SnatchBox", - "owner": { - "login": "LIJI32", - "id": 2345928, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2345928?v=4", - "html_url": "https:\/\/github.com\/LIJI32" - }, - "html_url": "https:\/\/github.com\/LIJI32\/SnatchBox", - "description": "SnatchBox (CVE-2020-27935) is a sandbox escape vulnerability and exploit affecting macOS up to version 10.15.x", - "fork": false, - "created_at": "2020-12-18T14:39:28Z", - "updated_at": "2022-11-09T18:10:30Z", - "pushed_at": "2020-12-18T14:41:09Z", - "stargazers_count": 29, - "watchers_count": 29, - "has_discussions": false, - "forks_count": 5, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 5, - "watchers": 29, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-27949.json b/2020/CVE-2020-27949.json deleted file mode 100644 index 7a86bfe7b7..0000000000 --- a/2020/CVE-2020-27949.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 321454015, - "name": "dtrace-memaccess_cve-2020-27949", - "full_name": "seemoo-lab\/dtrace-memaccess_cve-2020-27949", - "owner": { - "login": "seemoo-lab", - "id": 7370084, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7370084?v=4", - "html_url": "https:\/\/github.com\/seemoo-lab" - }, - "html_url": "https:\/\/github.com\/seemoo-lab\/dtrace-memaccess_cve-2020-27949", - "description": null, - "fork": false, - "created_at": "2020-12-14T19:39:42Z", - "updated_at": "2022-01-03T07:13:02Z", - "pushed_at": "2020-12-20T17:29:07Z", - "stargazers_count": 33, - "watchers_count": 33, - "has_discussions": false, - "forks_count": 10, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 10, - "watchers": 33, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-27950.json b/2020/CVE-2020-27950.json deleted file mode 100644 index d067726900..0000000000 --- a/2020/CVE-2020-27950.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 317590228, - "name": "CVE-2020-27950", - "full_name": "synacktiv\/CVE-2020-27950", - "owner": { - "login": "synacktiv", - "id": 50145679, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50145679?v=4", - "html_url": "https:\/\/github.com\/synacktiv" - }, - "html_url": "https:\/\/github.com\/synacktiv\/CVE-2020-27950", - "description": "CVE-2020-27950 exploit", - "fork": false, - "created_at": "2020-12-01T15:49:07Z", - "updated_at": "2022-11-09T18:10:19Z", - "pushed_at": "2020-12-01T15:50:45Z", - "stargazers_count": 30, - "watchers_count": 30, - "has_discussions": false, - "forks_count": 7, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 7, - "watchers": 30, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-27955.json b/2020/CVE-2020-27955.json index a20f5f1d94..ab9c225b93 100644 --- a/2020/CVE-2020-27955.json +++ b/2020/CVE-2020-27955.json @@ -28,122 +28,6 @@ "watchers": 29, "score": 0 }, - { - "id": 314947753, - "name": "cve-2020-27955-poc", - "full_name": "yhsung\/cve-2020-27955-poc", - "owner": { - "login": "yhsung", - "id": 1084269, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1084269?v=4", - "html_url": "https:\/\/github.com\/yhsung" - }, - "html_url": "https:\/\/github.com\/yhsung\/cve-2020-27955-poc", - "description": null, - "fork": false, - "created_at": "2020-11-22T02:59:46Z", - "updated_at": "2020-11-22T03:04:29Z", - "pushed_at": "2020-11-22T03:04:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 315498736, - "name": "CVE-2020-27955", - "full_name": "r00t4dm\/CVE-2020-27955", - "owner": { - "login": "r00t4dm", - "id": 36941976, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/36941976?v=4", - "html_url": "https:\/\/github.com\/r00t4dm" - }, - "html_url": "https:\/\/github.com\/r00t4dm\/CVE-2020-27955", - "description": null, - "fork": false, - "created_at": "2020-11-24T02:40:04Z", - "updated_at": "2022-11-09T18:10:14Z", - "pushed_at": "2020-11-24T02:59:34Z", - "stargazers_count": 17, - "watchers_count": 17, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 17, - "score": 0 - }, - { - "id": 320394850, - "name": "git-lfs-RCE-exploit-CVE-2020-27955-revshell", - "full_name": "williamgoulois\/git-lfs-RCE-exploit-CVE-2020-27955-revshell", - "owner": { - "login": "williamgoulois", - "id": 37271970, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37271970?v=4", - "html_url": "https:\/\/github.com\/williamgoulois" - }, - "html_url": "https:\/\/github.com\/williamgoulois\/git-lfs-RCE-exploit-CVE-2020-27955-revshell", - "description": null, - "fork": false, - "created_at": "2020-12-10T21:31:24Z", - "updated_at": "2021-02-11T07:12:46Z", - "pushed_at": "2020-12-10T22:03:01Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, - { - "id": 322199299, - "name": "CVE-2020-27955", - "full_name": "shubham0d\/CVE-2020-27955", - "owner": { - "login": "shubham0d", - "id": 12750163, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12750163?v=4", - "html_url": "https:\/\/github.com\/shubham0d" - }, - "html_url": "https:\/\/github.com\/shubham0d\/CVE-2020-27955", - "description": "POC for CVE-2020-27955", - "fork": false, - "created_at": "2020-12-17T06:14:30Z", - "updated_at": "2020-12-17T06:14:30Z", - "pushed_at": "2020-12-17T06:14:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 325019967, "name": "cve-2020-27955", diff --git a/2020/CVE-2020-28052.json b/2020/CVE-2020-28052.json index 53a7e3daab..9322a66e27 100644 --- a/2020/CVE-2020-28052.json +++ b/2020/CVE-2020-28052.json @@ -1,33 +1,4 @@ [ - { - "id": 322948567, - "name": "bouncy-castle-generative-test-poc", - "full_name": "madstap\/bouncy-castle-generative-test-poc", - "owner": { - "login": "madstap", - "id": 7657597, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7657597?v=4", - "html_url": "https:\/\/github.com\/madstap" - }, - "html_url": "https:\/\/github.com\/madstap\/bouncy-castle-generative-test-poc", - "description": "A generative test that would've caught CVE-2020-28052", - "fork": false, - "created_at": "2020-12-19T22:22:45Z", - "updated_at": "2020-12-19T22:30:59Z", - "pushed_at": "2020-12-19T22:30:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 326754867, "name": "CVE-2020-28052_PoC", diff --git a/2020/CVE-2020-28328.json b/2020/CVE-2020-28328.json deleted file mode 100644 index 242daa5795..0000000000 --- a/2020/CVE-2020-28328.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 310454719, - "name": "SuiteCRM-RCE", - "full_name": "mcorybillington\/SuiteCRM-RCE", - "owner": { - "login": "mcorybillington", - "id": 24510213, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/24510213?v=4", - "html_url": "https:\/\/github.com\/mcorybillington" - }, - "html_url": "https:\/\/github.com\/mcorybillington\/SuiteCRM-RCE", - "description": "Writeup on CVE-2020-28328: SuiteCRM Log File Remote Code Execution plus some bonus Cross-Site Scripting", - "fork": false, - "created_at": "2020-11-06T00:56:36Z", - "updated_at": "2022-11-09T18:10:01Z", - "pushed_at": "2020-11-23T17:27:07Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-28647.json b/2020/CVE-2020-28647.json deleted file mode 100644 index 8be3b98835..0000000000 --- a/2020/CVE-2020-28647.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 322287030, - "name": "Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647", - "full_name": "SECFORCE\/Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647", - "owner": { - "login": "SECFORCE", - "id": 8157384, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8157384?v=4", - "html_url": "https:\/\/github.com\/SECFORCE" - }, - "html_url": "https:\/\/github.com\/SECFORCE\/Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647", - "description": "MOVEit Transfer 2020 web application Stored Cross-Site Scripting (XSS)", - "fork": false, - "created_at": "2020-12-17T12:23:18Z", - "updated_at": "2020-12-17T12:33:47Z", - "pushed_at": "2020-12-17T12:31:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-2883.json b/2020/CVE-2020-2883.json index 7c65d0a093..c21bee4dd2 100644 --- a/2020/CVE-2020-2883.json +++ b/2020/CVE-2020-2883.json @@ -91,38 +91,6 @@ "watchers": 0, "score": 0 }, - { - "id": 316249865, - "name": "CVE-2020-2883", - "full_name": "Al1ex\/CVE-2020-2883", - "owner": { - "login": "Al1ex", - "id": 38161463, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38161463?v=4", - "html_url": "https:\/\/github.com\/Al1ex" - }, - "html_url": "https:\/\/github.com\/Al1ex\/CVE-2020-2883", - "description": "CVE-2020-2883", - "fork": false, - "created_at": "2020-11-26T14:10:25Z", - "updated_at": "2022-11-18T06:09:37Z", - "pushed_at": "2020-11-27T02:12:52Z", - "stargazers_count": 6, - "watchers_count": 6, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2020-2883", - "weblogic" - ], - "visibility": "public", - "forks": 1, - "watchers": 6, - "score": 0 - }, { "id": 428189487, "name": "POC_CVE-2020-2883", diff --git a/2020/CVE-2020-28948.json b/2020/CVE-2020-28948.json index 00e9cd9a5b..bedb2beb6f 100644 --- a/2020/CVE-2020-28948.json +++ b/2020/CVE-2020-28948.json @@ -1,33 +1,4 @@ [ - { - "id": 316481683, - "name": "CVE-2020-28948-and-CVE-2020-28949", - "full_name": "0x240x23elu\/CVE-2020-28948-and-CVE-2020-28949", - "owner": { - "login": "0x240x23elu", - "id": 52744492, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52744492?v=4", - "html_url": "https:\/\/github.com\/0x240x23elu" - }, - "html_url": "https:\/\/github.com\/0x240x23elu\/CVE-2020-28948-and-CVE-2020-28949", - "description": null, - "fork": false, - "created_at": "2020-11-27T11:21:46Z", - "updated_at": "2022-11-13T20:05:10Z", - "pushed_at": "2020-11-27T11:26:01Z", - "stargazers_count": 6, - "watchers_count": 6, - "has_discussions": false, - "forks_count": 4, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 4, - "watchers": 6, - "score": 0 - }, { "id": 370402145, "name": "cve-2020-28948", diff --git a/2020/CVE-2020-29007.json b/2020/CVE-2020-29007.json deleted file mode 100644 index af17056d8e..0000000000 --- a/2020/CVE-2020-29007.json +++ /dev/null @@ -1,39 +0,0 @@ -[ - { - "id": 319646680, - "name": "cve-2020-29007", - "full_name": "seqred-s-a\/cve-2020-29007", - "owner": { - "login": "seqred-s-a", - "id": 49437606, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49437606?v=4", - "html_url": "https:\/\/github.com\/seqred-s-a" - }, - "html_url": "https:\/\/github.com\/seqred-s-a\/cve-2020-29007", - "description": "Remote code execution in Mediawiki Score", - "fork": false, - "created_at": "2020-12-08T13:27:31Z", - "updated_at": "2020-12-08T13:36:46Z", - "pushed_at": "2020-12-08T13:35:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "cve-2020-29007", - "exploit", - "lilypond", - "mediawiki", - "mediawiki-extension", - "security" - ], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29070.json b/2020/CVE-2020-29070.json deleted file mode 100644 index ad645418ff..0000000000 --- a/2020/CVE-2020-29070.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 315874415, - "name": "cve-2020-29070", - "full_name": "aslanemre\/cve-2020-29070", - "owner": { - "login": "aslanemre", - "id": 52652572, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52652572?v=4", - "html_url": "https:\/\/github.com\/aslanemre" - }, - "html_url": "https:\/\/github.com\/aslanemre\/cve-2020-29070", - "description": "CVE-2020-29070 write-up.", - "fork": false, - "created_at": "2020-11-25T08:25:36Z", - "updated_at": "2020-12-05T13:03:30Z", - "pushed_at": "2020-11-25T17:43:14Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29156.json b/2020/CVE-2020-29156.json deleted file mode 100644 index d278c92250..0000000000 --- a/2020/CVE-2020-29156.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 323442733, - "name": "CVE-2020-29156", - "full_name": "Ko-kn3t\/CVE-2020-29156", - "owner": { - "login": "Ko-kn3t", - "id": 57166441, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57166441?v=4", - "html_url": "https:\/\/github.com\/Ko-kn3t" - }, - "html_url": "https:\/\/github.com\/Ko-kn3t\/CVE-2020-29156", - "description": "woocommerce wordpress plugin - Affected Version: V 4.5.2 [CVE-2020-29156]", - "fork": false, - "created_at": "2020-12-21T20:38:50Z", - "updated_at": "2020-12-26T16:13:17Z", - "pushed_at": "2020-12-21T20:48:21Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29364.json b/2020/CVE-2020-29364.json deleted file mode 100644 index 47aac62640..0000000000 --- a/2020/CVE-2020-29364.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 316557251, - "name": "CVE-2020-29364", - "full_name": "aslanemre\/CVE-2020-29364", - "owner": { - "login": "aslanemre", - "id": 52652572, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52652572?v=4", - "html_url": "https:\/\/github.com\/aslanemre" - }, - "html_url": "https:\/\/github.com\/aslanemre\/CVE-2020-29364", - "description": null, - "fork": false, - "created_at": "2020-11-27T17:01:35Z", - "updated_at": "2020-12-05T13:03:30Z", - "pushed_at": "2020-11-27T17:07:32Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29666.json b/2020/CVE-2020-29666.json deleted file mode 100644 index 2db63ac7ca..0000000000 --- a/2020/CVE-2020-29666.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 320179942, - "name": "CVE-2020-29666", - "full_name": "jet-pentest\/CVE-2020-29666", - "owner": { - "login": "jet-pentest", - "id": 71512502, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/71512502?v=4", - "html_url": "https:\/\/github.com\/jet-pentest" - }, - "html_url": "https:\/\/github.com\/jet-pentest\/CVE-2020-29666", - "description": null, - "fork": false, - "created_at": "2020-12-10T06:24:48Z", - "updated_at": "2021-02-14T09:24:16Z", - "pushed_at": "2020-12-10T06:39:55Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29667.json b/2020/CVE-2020-29667.json deleted file mode 100644 index c1a57707fa..0000000000 --- a/2020/CVE-2020-29667.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 320183812, - "name": "CVE-2020-29667", - "full_name": "jet-pentest\/CVE-2020-29667", - "owner": { - "login": "jet-pentest", - "id": 71512502, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/71512502?v=4", - "html_url": "https:\/\/github.com\/jet-pentest" - }, - "html_url": "https:\/\/github.com\/jet-pentest\/CVE-2020-29667", - "description": null, - "fork": false, - "created_at": "2020-12-10T06:43:58Z", - "updated_at": "2021-02-14T09:24:13Z", - "pushed_at": "2020-12-10T07:04:42Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-29669.json b/2020/CVE-2020-29669.json deleted file mode 100644 index ba67879398..0000000000 --- a/2020/CVE-2020-29669.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 318305323, - "name": "CVE-2020-29669", - "full_name": "code-byter\/CVE-2020-29669", - "owner": { - "login": "code-byter", - "id": 10854537, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10854537?v=4", - "html_url": "https:\/\/github.com\/code-byter" - }, - "html_url": "https:\/\/github.com\/code-byter\/CVE-2020-29669", - "description": "Macally WIFISD2", - "fork": false, - "created_at": "2020-12-03T20:00:09Z", - "updated_at": "2021-03-28T12:19:39Z", - "pushed_at": "2020-12-12T13:00:37Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-3452.json b/2020/CVE-2020-3452.json index 4e9916c2d3..cbc9fc2d4e 100644 --- a/2020/CVE-2020-3452.json +++ b/2020/CVE-2020-3452.json @@ -28,35 +28,6 @@ "watchers": 1, "score": 0 }, - { - "id": 321075427, - "name": "CVE-2020-3452", - "full_name": "cygenta\/CVE-2020-3452", - "owner": { - "login": "cygenta", - "id": 49716463, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49716463?v=4", - "html_url": "https:\/\/github.com\/cygenta" - }, - "html_url": "https:\/\/github.com\/cygenta\/CVE-2020-3452", - "description": null, - "fork": false, - "created_at": "2020-12-13T13:47:38Z", - "updated_at": "2022-04-07T21:38:20Z", - "pushed_at": "2022-06-02T20:15:06Z", - "stargazers_count": 25, - "watchers_count": 25, - "has_discussions": false, - "forks_count": 9, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 9, - "watchers": 25, - "score": 0 - }, { "id": 327027118, "name": "CISCO-CVE-2020-3452-Scanner-Exploiter", diff --git a/2020/CVE-2020-35136.json b/2020/CVE-2020-35136.json new file mode 100644 index 0000000000..f4c9c338ba --- /dev/null +++ b/2020/CVE-2020-35136.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903600, + "name": "CVE-2020-35136", + "full_name": "Live-Hack-CVE\/CVE-2020-35136", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-35136", + "description": "Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin\/tools\/dolibarr_export.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:29Z", + "updated_at": "2022-12-28T07:28:29Z", + "pushed_at": "2022-12-28T07:28:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-35473.json b/2020/CVE-2020-35473.json new file mode 100644 index 0000000000..cc368e1042 --- /dev/null +++ b/2020/CVE-2020-35473.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969577, + "name": "CVE-2020-35473", + "full_name": "Live-Hack-CVE\/CVE-2020-35473", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-35473", + "description": "An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-r CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:15Z", + "updated_at": "2022-12-28T11:32:15Z", + "pushed_at": "2022-12-28T11:32:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-35590.json b/2020/CVE-2020-35590.json deleted file mode 100644 index 8ada1b5eb4..0000000000 --- a/2020/CVE-2020-35590.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 324019820, - "name": "CVE-2020-35590", - "full_name": "N4nj0\/CVE-2020-35590", - "owner": { - "login": "N4nj0", - "id": 76006964, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76006964?v=4", - "html_url": "https:\/\/github.com\/N4nj0" - }, - "html_url": "https:\/\/github.com\/N4nj0\/CVE-2020-35590", - "description": "Brute-force tool for WordPress Plugin Limit Login Attempts Reloaded >=2.13.0 - Login Limit Bypass (CVE-2020-35590)", - "fork": false, - "created_at": "2020-12-23T23:11:34Z", - "updated_at": "2022-01-06T17:11:10Z", - "pushed_at": "2020-12-23T23:27:21Z", - "stargazers_count": 8, - "watchers_count": 8, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 8, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-35606.json b/2020/CVE-2020-35606.json index 5db91ae23b..534d635ebd 100644 --- a/2020/CVE-2020-35606.json +++ b/2020/CVE-2020-35606.json @@ -1,33 +1,4 @@ [ - { - "id": 323973616, - "name": "webminscan", - "full_name": "anasbousselham\/webminscan", - "owner": { - "login": "anasbousselham", - "id": 9357948, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9357948?v=4", - "html_url": "https:\/\/github.com\/anasbousselham" - }, - "html_url": "https:\/\/github.com\/anasbousselham\/webminscan", - "description": "Webmin Exploit Scanner CVE-2020-35606 CVE-2019-12840", - "fork": false, - "created_at": "2020-12-23T18:22:36Z", - "updated_at": "2020-12-23T18:23:02Z", - "pushed_at": "2020-12-23T18:22:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 394956829, "name": "CVE-2020-35606", diff --git a/2020/CVE-2020-36457.json b/2020/CVE-2020-36457.json new file mode 100644 index 0000000000..d73c9cd2d0 --- /dev/null +++ b/2020/CVE-2020-36457.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923253, + "name": "CVE-2020-36457", + "full_name": "Live-Hack-CVE\/CVE-2020-36457", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-36457", + "description": "An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:45Z", + "updated_at": "2022-12-28T08:44:45Z", + "pushed_at": "2022-12-28T08:44:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-3992.json b/2020/CVE-2020-3992.json index 30f2ea20de..d93f1ab93a 100644 --- a/2020/CVE-2020-3992.json +++ b/2020/CVE-2020-3992.json @@ -1,39 +1,4 @@ [ - { - "id": 317555828, - "name": "CVE-2019-5544_CVE-2020-3992", - "full_name": "HynekPetrak\/CVE-2019-5544_CVE-2020-3992", - "owner": { - "login": "HynekPetrak", - "id": 8593983, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8593983?v=4", - "html_url": "https:\/\/github.com\/HynekPetrak" - }, - "html_url": "https:\/\/github.com\/HynekPetrak\/CVE-2019-5544_CVE-2020-3992", - "description": "Python \/ scapy module implementing SRVLOC\/SLP protocol and scans for enabled OpenSLP services.", - "fork": false, - "created_at": "2020-12-01T13:49:26Z", - "updated_at": "2022-12-08T03:06:49Z", - "pushed_at": "2020-12-07T00:12:21Z", - "stargazers_count": 32, - "watchers_count": 32, - "has_discussions": false, - "forks_count": 8, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2019-5544", - "cve-2020-3992", - "openslp", - "slp", - "srvloc" - ], - "visibility": "public", - "forks": 8, - "watchers": 32, - "score": 0 - }, { "id": 335992894, "name": "VMware_ESXI_OpenSLP_PoCs", diff --git a/2020/CVE-2020-6020.json b/2020/CVE-2020-6020.json new file mode 100644 index 0000000000..6c4737cecb --- /dev/null +++ b/2020/CVE-2020-6020.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934161, + "name": "CVE-2020-6020", + "full_name": "Live-Hack-CVE\/CVE-2020-6020", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-6020", + "description": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:54Z", + "updated_at": "2022-12-28T09:24:54Z", + "pushed_at": "2022-12-28T09:24:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-6308.json b/2020/CVE-2020-6308.json index f8c2282dcd..f7f3664999 100644 --- a/2020/CVE-2020-6308.json +++ b/2020/CVE-2020-6308.json @@ -28,35 +28,6 @@ "watchers": 32, "score": 0 }, - { - "id": 325441552, - "name": "CVE-2020-6308-mass-exploiter", - "full_name": "freeFV\/CVE-2020-6308-mass-exploiter", - "owner": { - "login": "freeFV", - "id": 32540878, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32540878?v=4", - "html_url": "https:\/\/github.com\/freeFV" - }, - "html_url": "https:\/\/github.com\/freeFV\/CVE-2020-6308-mass-exploiter", - "description": "CVE-2020-6308 mass exploiter\/fuzzer.", - "fork": false, - "created_at": "2020-12-30T03:08:17Z", - "updated_at": "2021-02-08T13:43:16Z", - "pushed_at": "2020-11-24T23:13:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 399392671, "name": "CVE-2020-6308", diff --git a/2020/CVE-2020-6516.json b/2020/CVE-2020-6516.json index 9ec69cef5a..41b4c03596 100644 --- a/2020/CVE-2020-6516.json +++ b/2020/CVE-2020-6516.json @@ -13,10 +13,10 @@ "description": "PoC and tools for exploiting CVE-2020-6516 (Chrome) and CVE-2021-24027 (WhatsApp)", "fork": false, "created_at": "2021-03-11T15:27:25Z", - "updated_at": "2022-12-04T19:20:57Z", + "updated_at": "2022-12-28T08:29:09Z", "pushed_at": "2021-05-25T11:14:56Z", - "stargazers_count": 137, - "watchers_count": 137, + "stargazers_count": 138, + "watchers_count": 138, "has_discussions": false, "forks_count": 33, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 33, - "watchers": 137, + "watchers": 138, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-6624.json b/2020/CVE-2020-6624.json new file mode 100644 index 0000000000..03441450d4 --- /dev/null +++ b/2020/CVE-2020-6624.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983046, + "name": "CVE-2020-6624", + "full_name": "Live-Hack-CVE\/CVE-2020-6624", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-6624", + "description": "jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:14Z", + "updated_at": "2022-12-28T12:20:14Z", + "pushed_at": "2022-12-28T12:20:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-6625.json b/2020/CVE-2020-6625.json new file mode 100644 index 0000000000..cc75cec9df --- /dev/null +++ b/2020/CVE-2020-6625.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983220, + "name": "CVE-2020-6625", + "full_name": "Live-Hack-CVE\/CVE-2020-6625", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-6625", + "description": "jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:51Z", + "updated_at": "2022-12-28T12:20:51Z", + "pushed_at": "2022-12-28T12:20:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7016.json b/2020/CVE-2020-7016.json new file mode 100644 index 0000000000..b059fa74ba --- /dev/null +++ b/2020/CVE-2020-7016.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934460, + "name": "CVE-2020-7016", + "full_name": "Live-Hack-CVE\/CVE-2020-7016", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7016", + "description": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:48Z", + "updated_at": "2022-12-28T09:25:48Z", + "pushed_at": "2022-12-28T09:25:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7246.json b/2020/CVE-2020-7246.json index d7751381c7..9702f88af2 100644 --- a/2020/CVE-2020-7246.json +++ b/2020/CVE-2020-7246.json @@ -56,5 +56,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582959461, + "name": "CVE-2020-7246", + "full_name": "Live-Hack-CVE\/CVE-2020-7246", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7246", + "description": "A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue ex CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:59Z", + "updated_at": "2022-12-28T10:54:59Z", + "pushed_at": "2022-12-28T10:55:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-7608.json b/2020/CVE-2020-7608.json new file mode 100644 index 0000000000..b4b75ad67a --- /dev/null +++ b/2020/CVE-2020-7608.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936815, + "name": "CVE-2020-7608", + "full_name": "Live-Hack-CVE\/CVE-2020-7608", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7608", + "description": "yargs-parser could be tricked into adding or modifying properties of Object.prototype using a \"__proto__\" payload. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:48Z", + "updated_at": "2022-12-28T09:33:48Z", + "pushed_at": "2022-12-28T09:33:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7729.json b/2020/CVE-2020-7729.json new file mode 100644 index 0000000000..0179a70334 --- /dev/null +++ b/2020/CVE-2020-7729.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933993, + "name": "CVE-2020-7729", + "full_name": "Live-Hack-CVE\/CVE-2020-7729", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7729", + "description": "The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:24:17Z", + "updated_at": "2022-12-28T09:24:17Z", + "pushed_at": "2022-12-28T09:24:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7961.json b/2020/CVE-2020-7961.json index 8506f1f605..92be931512 100644 --- a/2020/CVE-2020-7961.json +++ b/2020/CVE-2020-7961.json @@ -115,35 +115,6 @@ "watchers": 3, "score": 0 }, - { - "id": 319572948, - "name": "POC-CVE-2020-7961-Token-iterate", - "full_name": "shacojx\/POC-CVE-2020-7961-Token-iterate", - "owner": { - "login": "shacojx", - "id": 19655109, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19655109?v=4", - "html_url": "https:\/\/github.com\/shacojx" - }, - "html_url": "https:\/\/github.com\/shacojx\/POC-CVE-2020-7961-Token-iterate", - "description": "POC-CVE-2020-7961-Token-iterate", - "fork": false, - "created_at": "2020-12-08T08:22:18Z", - "updated_at": "2021-09-23T16:00:33Z", - "pushed_at": "2020-12-08T08:35:38Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 3, - "score": 0 - }, { "id": 326194141, "name": "CVE-2020-7961-Mass", diff --git a/2020/CVE-2020-7994.json b/2020/CVE-2020-7994.json new file mode 100644 index 0000000000..87d093d094 --- /dev/null +++ b/2020/CVE-2020-7994.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903610, + "name": "CVE-2020-7994", + "full_name": "Live-Hack-CVE\/CVE-2020-7994", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7994", + "description": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the \/htdocs\/admin\/dict.php?id=3 page; the (2) name[constname] parameter to the \/htdocs\/admin\/const.php?mainmenu=home page; the (3) note[note] param CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:32Z", + "updated_at": "2022-12-28T07:28:33Z", + "pushed_at": "2022-12-28T07:28:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7995.json b/2020/CVE-2020-7995.json new file mode 100644 index 0000000000..57e1f9b95c --- /dev/null +++ b/2020/CVE-2020-7995.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903759, + "name": "CVE-2020-7995", + "full_name": "Live-Hack-CVE\/CVE-2020-7995", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7995", + "description": "The htdocs\/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:10Z", + "updated_at": "2022-12-28T07:29:10Z", + "pushed_at": "2022-12-28T07:29:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-7996.json b/2020/CVE-2020-7996.json new file mode 100644 index 0000000000..83bf539564 --- /dev/null +++ b/2020/CVE-2020-7996.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903821, + "name": "CVE-2020-7996", + "full_name": "Live-Hack-CVE\/CVE-2020-7996", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-7996", + "description": "htdocs\/user\/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:24Z", + "updated_at": "2022-12-28T07:29:24Z", + "pushed_at": "2022-12-28T07:29:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-8209.json b/2020/CVE-2020-8209.json deleted file mode 100644 index 94f650b14c..0000000000 --- a/2020/CVE-2020-8209.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 313538484, - "name": "CVE-2020-8209", - "full_name": "B1anda0\/CVE-2020-8209", - "owner": { - "login": "B1anda0", - "id": 74232513, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74232513?v=4", - "html_url": "https:\/\/github.com\/B1anda0" - }, - "html_url": "https:\/\/github.com\/B1anda0\/CVE-2020-8209", - "description": "该脚本为Citrix XenMobile 目录遍历漏洞(CVE-2020-8209)批量检测脚本。", - "fork": false, - "created_at": "2020-11-17T07:20:46Z", - "updated_at": "2021-10-18T03:32:04Z", - "pushed_at": "2020-12-07T07:46:06Z", - "stargazers_count": 30, - "watchers_count": 30, - "has_discussions": false, - "forks_count": 13, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 13, - "watchers": 30, - "score": 0 - } -] \ No newline at end of file diff --git a/2020/CVE-2020-8277.json b/2020/CVE-2020-8277.json index 4e78b7c4d5..4fd6ea51bf 100644 --- a/2020/CVE-2020-8277.json +++ b/2020/CVE-2020-8277.json @@ -1,33 +1,4 @@ [ - { - "id": 313906359, - "name": "CVE-2020-8277", - "full_name": "masahiro331\/CVE-2020-8277", - "owner": { - "login": "masahiro331", - "id": 20438853, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/20438853?v=4", - "html_url": "https:\/\/github.com\/masahiro331" - }, - "html_url": "https:\/\/github.com\/masahiro331\/CVE-2020-8277", - "description": null, - "fork": false, - "created_at": "2020-11-18T10:57:13Z", - "updated_at": "2022-11-09T18:10:08Z", - "pushed_at": "2020-11-20T11:37:07Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 7, - "score": 0 - }, { "id": 384786682, "name": "CVE-2020-8277", diff --git a/2020/CVE-2020-8554.json b/2020/CVE-2020-8554.json index 26a6b8d76a..4d3fccefd7 100644 --- a/2020/CVE-2020-8554.json +++ b/2020/CVE-2020-8554.json @@ -57,35 +57,6 @@ "watchers": 1, "score": 0 }, - { - "id": 322992127, - "name": "k8s-cve-2020-8554-mitigations", - "full_name": "twistlock\/k8s-cve-2020-8554-mitigations", - "owner": { - "login": "twistlock", - "id": 12218272, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12218272?v=4", - "html_url": "https:\/\/github.com\/twistlock" - }, - "html_url": "https:\/\/github.com\/twistlock\/k8s-cve-2020-8554-mitigations", - "description": "Prisma Cloud Compute Admission rules to mitigate Kubernetes CVE-2020-8554", - "fork": false, - "created_at": "2020-12-20T04:22:43Z", - "updated_at": "2021-02-23T07:38:24Z", - "pushed_at": "2020-12-22T16:04:01Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - }, { "id": 331774345, "name": "CVE-2020-8554", diff --git a/2020/CVE-2020-8555.json b/2020/CVE-2020-8555.json new file mode 100644 index 0000000000..b59ff2aa5b --- /dev/null +++ b/2020/CVE-2020-8555.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934670, + "name": "CVE-2020-8555", + "full_name": "Live-Hack-CVE\/CVE-2020-8555", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-8555", + "description": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:26:30Z", + "updated_at": "2022-12-28T09:26:30Z", + "pushed_at": "2022-12-28T09:26:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-9016.json b/2020/CVE-2020-9016.json new file mode 100644 index 0000000000..beab3653df --- /dev/null +++ b/2020/CVE-2020-9016.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903774, + "name": "CVE-2020-9016", + "full_name": "Live-Hack-CVE\/CVE-2020-9016", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2020-9016", + "description": "Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:29:14Z", + "updated_at": "2022-12-28T07:29:14Z", + "pushed_at": "2022-12-28T07:29:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-0185.json b/2021/CVE-2021-0185.json new file mode 100644 index 0000000000..08bf6e397c --- /dev/null +++ b/2021/CVE-2021-0185.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933738, + "name": "CVE-2021-0185", + "full_name": "Live-Hack-CVE\/CVE-2021-0185", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-0185", + "description": "Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:18Z", + "updated_at": "2022-12-28T09:23:18Z", + "pushed_at": "2022-12-28T09:23:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-0325.json b/2021/CVE-2021-0325.json deleted file mode 100644 index efa3ccc776..0000000000 --- a/2021/CVE-2021-0325.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476747255, - "name": "external_libavc_AOSP10_r33_CVE-2021-0325", - "full_name": "nanopathi\/external_libavc_AOSP10_r33_CVE-2021-0325", - "owner": { - "login": "nanopathi", - "id": 26024136, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26024136?v=4", - "html_url": "https:\/\/github.com\/nanopathi" - }, - "html_url": "https:\/\/github.com\/nanopathi\/external_libavc_AOSP10_r33_CVE-2021-0325", - "description": null, - "fork": false, - "created_at": "2022-04-01T14:11:58Z", - "updated_at": "2022-04-18T09:32:07Z", - "pushed_at": "2022-04-01T14:18:28Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0326.json b/2021/CVE-2021-0326.json index 435aad7c16..a7f6343e69 100644 --- a/2021/CVE-2021-0326.json +++ b/2021/CVE-2021-0326.json @@ -1,33 +1,4 @@ [ - { - "id": 449055330, - "name": "skeleton", - "full_name": "aemmitt-ns\/skeleton", - "owner": { - "login": "aemmitt-ns", - "id": 51972960, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51972960?v=4", - "html_url": "https:\/\/github.com\/aemmitt-ns" - }, - "html_url": "https:\/\/github.com\/aemmitt-ns\/skeleton", - "description": "Skeleton (but pronounced like Peloton): A Zero-Click RCE exploit for CVE-2021-0326", - "fork": false, - "created_at": "2022-01-17T21:35:19Z", - "updated_at": "2022-12-06T07:42:44Z", - "pushed_at": "2022-03-16T02:58:42Z", - "stargazers_count": 16, - "watchers_count": 16, - "has_discussions": false, - "forks_count": 6, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 6, - "watchers": 16, - "score": 0 - }, { "id": 485818095, "name": "wpa_supplicant_8_CVE-2021-0326.", diff --git a/2021/CVE-2021-0330.json b/2021/CVE-2021-0330.json deleted file mode 100644 index 00a7f22dd3..0000000000 --- a/2021/CVE-2021-0330.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476240143, - "name": "system_core_AOSP10_r33-CVE-2021-0330", - "full_name": "Satheesh575555\/system_core_AOSP10_r33-CVE-2021-0330", - "owner": { - "login": "Satheesh575555", - "id": 102573923, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102573923?v=4", - "html_url": "https:\/\/github.com\/Satheesh575555" - }, - "html_url": "https:\/\/github.com\/Satheesh575555\/system_core_AOSP10_r33-CVE-2021-0330", - "description": null, - "fork": false, - "created_at": "2022-03-31T09:36:07Z", - "updated_at": "2022-03-31T09:39:44Z", - "pushed_at": "2022-03-31T09:40:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0334.json b/2021/CVE-2021-0334.json deleted file mode 100644 index 6d03549ef9..0000000000 --- a/2021/CVE-2021-0334.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476687472, - "name": "frameworks_base_AOSP10_r33_CVE-2021-0334", - "full_name": "ShaikUsaf\/frameworks_base_AOSP10_r33_CVE-2021-0334", - "owner": { - "login": "ShaikUsaf", - "id": 100413972, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/100413972?v=4", - "html_url": "https:\/\/github.com\/ShaikUsaf" - }, - "html_url": "https:\/\/github.com\/ShaikUsaf\/frameworks_base_AOSP10_r33_CVE-2021-0334", - "description": null, - "fork": false, - "created_at": "2022-04-01T11:10:57Z", - "updated_at": "2022-04-01T11:28:17Z", - "pushed_at": "2022-04-01T12:01:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0397.json b/2021/CVE-2021-0397.json deleted file mode 100644 index 3e9cf26456..0000000000 --- a/2021/CVE-2021-0397.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476561257, - "name": "System_bt_AOSP10-r33_CVE-2021-0397", - "full_name": "Satheesh575555\/System_bt_AOSP10-r33_CVE-2021-0397", - "owner": { - "login": "Satheesh575555", - "id": 102573923, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102573923?v=4", - "html_url": "https:\/\/github.com\/Satheesh575555" - }, - "html_url": "https:\/\/github.com\/Satheesh575555\/System_bt_AOSP10-r33_CVE-2021-0397", - "description": null, - "fork": false, - "created_at": "2022-04-01T03:31:38Z", - "updated_at": "2022-04-01T03:35:40Z", - "pushed_at": "2022-04-01T03:35:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0472.json b/2021/CVE-2021-0472.json deleted file mode 100644 index fe085b7f29..0000000000 --- a/2021/CVE-2021-0472.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476366397, - "name": "framework_base_AOSP10_r33_CVE-2021-0472", - "full_name": "nanopathi\/framework_base_AOSP10_r33_CVE-2021-0472", - "owner": { - "login": "nanopathi", - "id": 26024136, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26024136?v=4", - "html_url": "https:\/\/github.com\/nanopathi" - }, - "html_url": "https:\/\/github.com\/nanopathi\/framework_base_AOSP10_r33_CVE-2021-0472", - "description": null, - "fork": false, - "created_at": "2022-03-31T15:28:01Z", - "updated_at": "2022-04-01T02:30:35Z", - "pushed_at": "2022-03-31T15:38:27Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0476.json b/2021/CVE-2021-0476.json deleted file mode 100644 index af52d9260d..0000000000 --- a/2021/CVE-2021-0476.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 477595432, - "name": "system_bt_AOSP10_r33_CVE-2021-0476", - "full_name": "nanopathi\/system_bt_AOSP10_r33_CVE-2021-0476", - "owner": { - "login": "nanopathi", - "id": 26024136, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26024136?v=4", - "html_url": "https:\/\/github.com\/nanopathi" - }, - "html_url": "https:\/\/github.com\/nanopathi\/system_bt_AOSP10_r33_CVE-2021-0476", - "description": null, - "fork": false, - "created_at": "2022-04-04T07:35:45Z", - "updated_at": "2022-04-04T07:50:01Z", - "pushed_at": "2022-04-04T07:50:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0595.json b/2021/CVE-2021-0595.json index 3727a07c67..53ce5b198c 100644 --- a/2021/CVE-2021-0595.json +++ b/2021/CVE-2021-0595.json @@ -1,33 +1,4 @@ [ - { - "id": 470544287, - "name": "Settings-CVE-2021-0595", - "full_name": "pazhanivel07\/Settings-CVE-2021-0595", - "owner": { - "login": "pazhanivel07", - "id": 97434034, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97434034?v=4", - "html_url": "https:\/\/github.com\/pazhanivel07" - }, - "html_url": "https:\/\/github.com\/pazhanivel07\/Settings-CVE-2021-0595", - "description": null, - "fork": false, - "created_at": "2022-03-16T10:59:58Z", - "updated_at": "2022-03-16T10:59:58Z", - "pushed_at": "2022-03-16T10:59:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 484316243, "name": "frameworks_base_Aosp10_r33_CVE-2021-0595", diff --git a/2021/CVE-2021-0652.json b/2021/CVE-2021-0652.json deleted file mode 100644 index 14f310dd9e..0000000000 --- a/2021/CVE-2021-0652.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476594576, - "name": "frameworks_base_AOSP10_r33_CVE-2021-0652", - "full_name": "Satheesh575555\/frameworks_base_AOSP10_r33_CVE-2021-0652", - "owner": { - "login": "Satheesh575555", - "id": 102573923, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102573923?v=4", - "html_url": "https:\/\/github.com\/Satheesh575555" - }, - "html_url": "https:\/\/github.com\/Satheesh575555\/frameworks_base_AOSP10_r33_CVE-2021-0652", - "description": null, - "fork": false, - "created_at": "2022-04-01T06:06:53Z", - "updated_at": "2022-04-01T06:16:36Z", - "pushed_at": "2022-04-01T06:15:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-0928.json b/2021/CVE-2021-0928.json deleted file mode 100644 index 851359f5b2..0000000000 --- a/2021/CVE-2021-0928.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 453362563, - "name": "ReparcelBug2", - "full_name": "michalbednarski\/ReparcelBug2", - "owner": { - "login": "michalbednarski", - "id": 1826899, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1826899?v=4", - "html_url": "https:\/\/github.com\/michalbednarski" - }, - "html_url": "https:\/\/github.com\/michalbednarski\/ReparcelBug2", - "description": "Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`\/`createFromParcel` serialization mismatch in `OutputConfiguration`", - "fork": false, - "created_at": "2022-01-29T10:14:32Z", - "updated_at": "2022-12-13T07:29:43Z", - "pushed_at": "2022-03-03T17:50:03Z", - "stargazers_count": 50, - "watchers_count": 50, - "has_discussions": false, - "forks_count": 13, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 13, - "watchers": 50, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-1050.json b/2021/CVE-2021-1050.json new file mode 100644 index 0000000000..15623c9574 --- /dev/null +++ b/2021/CVE-2021-1050.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969775, + "name": "CVE-2021-1050", + "full_name": "Live-Hack-CVE\/CVE-2021-1050", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-1050", + "description": "In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-24382 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:02Z", + "updated_at": "2022-12-28T11:33:02Z", + "pushed_at": "2022-12-28T11:33:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-20227.json b/2021/CVE-2021-20227.json new file mode 100644 index 0000000000..55c5744080 --- /dev/null +++ b/2021/CVE-2021-20227.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923692, + "name": "CVE-2021-20227", + "full_name": "Live-Hack-CVE\/CVE-2021-20227", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-20227", + "description": "A flaw was found in SQLite's SELECT query functionality (src\/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availa CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:23Z", + "updated_at": "2022-12-28T08:46:23Z", + "pushed_at": "2022-12-28T08:46:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-20294.json b/2021/CVE-2021-20294.json new file mode 100644 index 0000000000..7e418e5681 --- /dev/null +++ b/2021/CVE-2021-20294.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934986, + "name": "CVE-2021-20294", + "full_name": "Live-Hack-CVE\/CVE-2021-20294", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-20294", + "description": "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:35Z", + "updated_at": "2022-12-28T09:27:35Z", + "pushed_at": "2022-12-28T09:27:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-20587.json b/2021/CVE-2021-20587.json new file mode 100644 index 0000000000..81d7974ead --- /dev/null +++ b/2021/CVE-2021-20587.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901308, + "name": "CVE-2021-20587", + "full_name": "Live-Hack-CVE\/CVE-2021-20587", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-20587", + "description": "Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:28Z", + "updated_at": "2022-12-28T07:19:28Z", + "pushed_at": "2022-12-28T07:19:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-20837.json b/2021/CVE-2021-20837.json deleted file mode 100644 index 202faf1b09..0000000000 --- a/2021/CVE-2021-20837.json +++ /dev/null @@ -1,34 +0,0 @@ -[ - { - "id": 422835153, - "name": "CVE-2021-20837", - "full_name": "orangmuda\/CVE-2021-20837", - "owner": { - "login": "orangmuda", - "id": 91846073, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91846073?v=4", - "html_url": "https:\/\/github.com\/orangmuda" - }, - "html_url": "https:\/\/github.com\/orangmuda\/CVE-2021-20837", - "description": "XMLRPC - RCE in MovableTypePoC", - "fork": false, - "created_at": "2021-10-30T09:15:56Z", - "updated_at": "2022-11-09T18:14:15Z", - "pushed_at": "2022-03-21T13:23:03Z", - "stargazers_count": 22, - "watchers_count": 22, - "has_discussions": false, - "forks_count": 10, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-20837", - "xmlrpc-api" - ], - "visibility": "public", - "forks": 10, - "watchers": 22, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-21017.json b/2021/CVE-2021-21017.json index 55af78d089..5504db8586 100644 --- a/2021/CVE-2021-21017.json +++ b/2021/CVE-2021-21017.json @@ -27,34 +27,5 @@ "forks": 13, "watchers": 45, "score": 0 - }, - { - "id": 475487342, - "name": "CVE-2021-21017", - "full_name": "tzwlhack\/CVE-2021-21017", - "owner": { - "login": "tzwlhack", - "id": 86322859, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/86322859?v=4", - "html_url": "https:\/\/github.com\/tzwlhack" - }, - "html_url": "https:\/\/github.com\/tzwlhack\/CVE-2021-21017", - "description": null, - "fork": false, - "created_at": "2022-03-29T14:45:16Z", - "updated_at": "2022-03-29T14:45:28Z", - "pushed_at": "2022-03-29T14:45:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-2109.json b/2021/CVE-2021-2109.json index b169435a14..ea70ce73c5 100644 --- a/2021/CVE-2021-2109.json +++ b/2021/CVE-2021-2109.json @@ -91,35 +91,6 @@ "watchers": 5, "score": 0 }, - { - "id": 475591127, - "name": "CVE-2021-2109", - "full_name": "coco0x0a\/CVE-2021-2109", - "owner": { - "login": "coco0x0a", - "id": 96345719, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96345719?v=4", - "html_url": "https:\/\/github.com\/coco0x0a" - }, - "html_url": "https:\/\/github.com\/coco0x0a\/CVE-2021-2109", - "description": null, - "fork": false, - "created_at": "2022-03-29T19:29:29Z", - "updated_at": "2022-03-29T21:05:01Z", - "pushed_at": "2022-03-29T21:04:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 530633500, "name": "oracle-weblogic-CVE-2021-2109", diff --git a/2021/CVE-2021-2119.json b/2021/CVE-2021-2119.json index 5648de8464..8f9a10da19 100644 --- a/2021/CVE-2021-2119.json +++ b/2021/CVE-2021-2119.json @@ -27,63 +27,5 @@ "forks": 21, "watchers": 127, "score": 0 - }, - { - "id": 471867550, - "name": "Sauercloude", - "full_name": "chatbottesisgmailh\/Sauercloude", - "owner": { - "login": "chatbottesisgmailh", - "id": 101959431, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101959431?v=4", - "html_url": "https:\/\/github.com\/chatbottesisgmailh" - }, - "html_url": "https:\/\/github.com\/chatbottesisgmailh\/Sauercloude", - "description": "0day VirtualBox 6.1.2 Escape for RealWorld CTF 2020\/2021 CVE-2021-2119", - "fork": false, - "created_at": "2022-03-20T03:17:03Z", - "updated_at": "2022-03-20T03:17:04Z", - "pushed_at": "2022-03-20T03:17:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 477297752, - "name": "Sauercloude", - "full_name": "shi10587s\/Sauercloude", - "owner": { - "login": "shi10587s", - "id": 102901010, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102901010?v=4", - "html_url": "https:\/\/github.com\/shi10587s" - }, - "html_url": "https:\/\/github.com\/shi10587s\/Sauercloude", - "description": "0day VirtualBox 6.1.2 Escape for RealWorld CTF 2020\/2021 CVE-2021-2119", - "fork": false, - "created_at": "2022-04-03T09:46:03Z", - "updated_at": "2022-04-03T09:46:03Z", - "pushed_at": "2022-04-03T09:46:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-21193.json b/2021/CVE-2021-21193.json deleted file mode 100644 index 47808ce7df..0000000000 --- a/2021/CVE-2021-21193.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 474836947, - "name": "CVE-2021-21193", - "full_name": "mehrzad1994\/CVE-2021-21193", - "owner": { - "login": "mehrzad1994", - "id": 19632843, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19632843?v=4", - "html_url": "https:\/\/github.com\/mehrzad1994" - }, - "html_url": "https:\/\/github.com\/mehrzad1994\/CVE-2021-21193", - "description": "introduction to hacking second presentation", - "fork": false, - "created_at": "2022-03-28T03:51:58Z", - "updated_at": "2022-03-28T03:51:58Z", - "pushed_at": "2022-03-28T13:06:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-21300.json b/2021/CVE-2021-21300.json index a6aaa56838..87345459bc 100644 --- a/2021/CVE-2021-21300.json +++ b/2021/CVE-2021-21300.json @@ -260,64 +260,6 @@ "watchers": 0, "score": 0 }, - { - "id": 470823423, - "name": "cve-2021-21300", - "full_name": "Jiang59991\/cve-2021-21300", - "owner": { - "login": "Jiang59991", - "id": 101699680, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101699680?v=4", - "html_url": "https:\/\/github.com\/Jiang59991" - }, - "html_url": "https:\/\/github.com\/Jiang59991\/cve-2021-21300", - "description": null, - "fork": false, - "created_at": "2022-03-17T02:37:58Z", - "updated_at": "2022-03-17T02:37:58Z", - "pushed_at": "2022-03-17T02:47:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 473848809, - "name": "cve-2021-21300-plus", - "full_name": "Jiang59991\/cve-2021-21300-plus", - "owner": { - "login": "Jiang59991", - "id": 101699680, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101699680?v=4", - "html_url": "https:\/\/github.com\/Jiang59991" - }, - "html_url": "https:\/\/github.com\/Jiang59991\/cve-2021-21300-plus", - "description": null, - "fork": false, - "created_at": "2022-03-25T02:59:41Z", - "updated_at": "2022-03-25T03:26:08Z", - "pushed_at": "2022-03-25T03:26:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 509747722, "name": "CVE-2021-21300", diff --git a/2021/CVE-2021-21341.json b/2021/CVE-2021-21341.json index 9870b9cad0..7940546184 100644 --- a/2021/CVE-2021-21341.json +++ b/2021/CVE-2021-21341.json @@ -27,34 +27,5 @@ "forks": 1, "watchers": 0, "score": 0 - }, - { - "id": 470049863, - "name": "ka-cve-2021-21341", - "full_name": "Mani1325\/ka-cve-2021-21341", - "owner": { - "login": "Mani1325", - "id": 96471113, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96471113?v=4", - "html_url": "https:\/\/github.com\/Mani1325" - }, - "html_url": "https:\/\/github.com\/Mani1325\/ka-cve-2021-21341", - "description": null, - "fork": false, - "created_at": "2022-03-15T07:28:52Z", - "updated_at": "2022-03-15T07:38:51Z", - "pushed_at": "2022-03-15T07:38:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-21772.json b/2021/CVE-2021-21772.json new file mode 100644 index 0000000000..4e6a834091 --- /dev/null +++ b/2021/CVE-2021-21772.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934872, + "name": "CVE-2021-21772", + "full_name": "Live-Hack-CVE\/CVE-2021-21772", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-21772", + "description": "A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:12Z", + "updated_at": "2022-12-28T09:27:12Z", + "pushed_at": "2022-12-28T09:27:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-21972.json b/2021/CVE-2021-21972.json index 1ada27d93c..0eba4df2f8 100644 --- a/2021/CVE-2021-21972.json +++ b/2021/CVE-2021-21972.json @@ -718,40 +718,6 @@ "watchers": 1, "score": 0 }, - { - "id": 413216838, - "name": "CVE-2021-21972", - "full_name": "orangmuda\/CVE-2021-21972", - "owner": { - "login": "orangmuda", - "id": 91846073, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91846073?v=4", - "html_url": "https:\/\/github.com\/orangmuda" - }, - "html_url": "https:\/\/github.com\/orangmuda\/CVE-2021-21972", - "description": "CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)", - "fork": false, - "created_at": "2021-10-03T23:03:11Z", - "updated_at": "2022-11-15T17:44:46Z", - "pushed_at": "2022-03-07T14:12:38Z", - "stargazers_count": 7, - "watchers_count": 7, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-21972", - "exploit", - "remote-code-execution", - "vmware" - ], - "visibility": "public", - "forks": 3, - "watchers": 7, - "score": 0 - }, { "id": 492815004, "name": "cve-2021-21972_PoC", @@ -795,10 +761,10 @@ "description": "一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972\/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接", "fork": false, "created_at": "2022-10-04T03:39:27Z", - "updated_at": "2022-12-28T02:11:54Z", + "updated_at": "2022-12-28T11:06:48Z", "pushed_at": "2022-12-15T04:07:54Z", - "stargazers_count": 780, - "watchers_count": 780, + "stargazers_count": 782, + "watchers_count": 782, "has_discussions": false, "forks_count": 84, "allow_forking": true, @@ -814,7 +780,7 @@ ], "visibility": "public", "forks": 84, - "watchers": 780, + "watchers": 782, "score": 0 }, { diff --git a/2021/CVE-2021-21983.json b/2021/CVE-2021-21983.json deleted file mode 100644 index 6233bd6628..0000000000 --- a/2021/CVE-2021-21983.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 470562831, - "name": "CVE-2021-21983", - "full_name": "murataydemir\/CVE-2021-21983", - "owner": { - "login": "murataydemir", - "id": 16391655, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16391655?v=4", - "html_url": "https:\/\/github.com\/murataydemir" - }, - "html_url": "https:\/\/github.com\/murataydemir\/CVE-2021-21983", - "description": "[CVE-2021-21983] VMware vRealize Operations (vROps) Manager API Arbitrary File Write Leads to Remote Code Execution (RCE)", - "fork": false, - "created_at": "2022-03-16T11:56:25Z", - "updated_at": "2022-08-15T05:24:38Z", - "pushed_at": "2022-03-16T13:08:46Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-22204.json b/2021/CVE-2021-22204.json index 9fb4f4b860..d194822f2f 100644 --- a/2021/CVE-2021-22204.json +++ b/2021/CVE-2021-22204.json @@ -89,35 +89,6 @@ "watchers": 6, "score": 0 }, - { - "id": 474844634, - "name": "CVE-2021-22204", - "full_name": "Pajarraco4444\/CVE-2021-22204", - "owner": { - "login": "Pajarraco4444", - "id": 102332204, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102332204?v=4", - "html_url": "https:\/\/github.com\/Pajarraco4444" - }, - "html_url": "https:\/\/github.com\/Pajarraco4444\/CVE-2021-22204", - "description": "Script en python para crear imagenes maliciosas (reverse shell)", - "fork": false, - "created_at": "2022-03-28T04:27:05Z", - "updated_at": "2022-09-02T03:21:29Z", - "pushed_at": "2022-03-11T19:02:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 482377691, "name": "exploit-CVE-2021-22204", diff --git a/2021/CVE-2021-22205.json b/2021/CVE-2021-22205.json index bf132cd89e..2a624ece8d 100644 --- a/2021/CVE-2021-22205.json +++ b/2021/CVE-2021-22205.json @@ -117,35 +117,6 @@ "watchers": 1, "score": 0 }, - { - "id": 469576094, - "name": "CVE-2021-22205", - "full_name": "honypot\/CVE-2021-22205", - "owner": { - "login": "honypot", - "id": 101309325, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101309325?v=4", - "html_url": "https:\/\/github.com\/honypot" - }, - "html_url": "https:\/\/github.com\/honypot\/CVE-2021-22205", - "description": null, - "fork": false, - "created_at": "2022-03-14T04:09:18Z", - "updated_at": "2022-03-14T04:09:34Z", - "pushed_at": "2022-03-14T04:09:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 482719088, "name": "cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-", diff --git a/2021/CVE-2021-22737.json b/2021/CVE-2021-22737.json new file mode 100644 index 0000000000..d5220982a6 --- /dev/null +++ b/2021/CVE-2021-22737.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948526, + "name": "CVE-2021-22737", + "full_name": "Live-Hack-CVE\/CVE-2021-22737", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-22737", + "description": "Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:58Z", + "updated_at": "2022-12-28T10:14:58Z", + "pushed_at": "2022-12-28T10:15:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-22986.json b/2021/CVE-2021-22986.json index 1e5649be64..273a49a46d 100644 --- a/2021/CVE-2021-22986.json +++ b/2021/CVE-2021-22986.json @@ -294,35 +294,6 @@ "watchers": 0, "score": 0 }, - { - "id": 476541451, - "name": "CVE-2021-22986", - "full_name": "DDestinys\/CVE-2021-22986", - "owner": { - "login": "DDestinys", - "id": 73631761, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73631761?v=4", - "html_url": "https:\/\/github.com\/DDestinys" - }, - "html_url": "https:\/\/github.com\/DDestinys\/CVE-2021-22986", - "description": "BIGIP F5", - "fork": false, - "created_at": "2022-04-01T02:02:33Z", - "updated_at": "2022-04-01T02:03:21Z", - "pushed_at": "2022-04-01T02:03:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 497326298, "name": "F5-BIG-IP-POC", diff --git a/2021/CVE-2021-23239.json b/2021/CVE-2021-23239.json new file mode 100644 index 0000000000..5bda4af83c --- /dev/null +++ b/2021/CVE-2021-23239.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971164, + "name": "CVE-2021-23239", + "full_name": "Live-Hack-CVE\/CVE-2021-23239", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-23239", + "description": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:49Z", + "updated_at": "2022-12-28T11:37:49Z", + "pushed_at": "2022-12-28T11:37:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-23394.json b/2021/CVE-2021-23394.json new file mode 100644 index 0000000000..145d64d23a --- /dev/null +++ b/2021/CVE-2021-23394.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971646, + "name": "CVE-2021-23394", + "full_name": "Live-Hack-CVE\/CVE-2021-23394", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-23394", + "description": "The package studio-42\/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:34Z", + "updated_at": "2022-12-28T11:39:34Z", + "pushed_at": "2022-12-28T11:39:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24027.json b/2021/CVE-2021-24027.json index 9ec69cef5a..41b4c03596 100644 --- a/2021/CVE-2021-24027.json +++ b/2021/CVE-2021-24027.json @@ -13,10 +13,10 @@ "description": "PoC and tools for exploiting CVE-2020-6516 (Chrome) and CVE-2021-24027 (WhatsApp)", "fork": false, "created_at": "2021-03-11T15:27:25Z", - "updated_at": "2022-12-04T19:20:57Z", + "updated_at": "2022-12-28T08:29:09Z", "pushed_at": "2021-05-25T11:14:56Z", - "stargazers_count": 137, - "watchers_count": 137, + "stargazers_count": 138, + "watchers_count": 138, "has_discussions": false, "forks_count": 33, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 33, - "watchers": 137, + "watchers": 138, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-24144.json b/2021/CVE-2021-24144.json new file mode 100644 index 0000000000..f40128082f --- /dev/null +++ b/2021/CVE-2021-24144.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946973, + "name": "CVE-2021-24144", + "full_name": "Live-Hack-CVE\/CVE-2021-24144", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24144", + "description": "Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:43Z", + "updated_at": "2022-12-28T10:09:43Z", + "pushed_at": "2022-12-28T10:09:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24347.json b/2021/CVE-2021-24347.json new file mode 100644 index 0000000000..c533cc322d --- /dev/null +++ b/2021/CVE-2021-24347.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971377, + "name": "CVE-2021-24347", + "full_name": "Live-Hack-CVE\/CVE-2021-24347", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24347", + "description": "The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:33Z", + "updated_at": "2022-12-28T11:38:33Z", + "pushed_at": "2022-12-28T11:38:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24349.json b/2021/CVE-2021-24349.json new file mode 100644 index 0000000000..c0044482fa --- /dev/null +++ b/2021/CVE-2021-24349.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971533, + "name": "CVE-2021-24349", + "full_name": "Live-Hack-CVE\/CVE-2021-24349", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24349", + "description": "This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the at CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:07Z", + "updated_at": "2022-12-28T11:39:07Z", + "pushed_at": "2022-12-28T11:39:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24444.json b/2021/CVE-2021-24444.json new file mode 100644 index 0000000000..781755282c --- /dev/null +++ b/2021/CVE-2021-24444.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924742, + "name": "CVE-2021-24444", + "full_name": "Live-Hack-CVE\/CVE-2021-24444", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24444", + "description": "The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:25Z", + "updated_at": "2022-12-28T08:50:25Z", + "pushed_at": "2022-12-28T08:50:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24504.json b/2021/CVE-2021-24504.json new file mode 100644 index 0000000000..0ad178e5f2 --- /dev/null +++ b/2021/CVE-2021-24504.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971502, + "name": "CVE-2021-24504", + "full_name": "Live-Hack-CVE\/CVE-2021-24504", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24504", + "description": "The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthen CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:00Z", + "updated_at": "2022-12-28T11:39:00Z", + "pushed_at": "2022-12-28T11:39:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24543.json b/2021/CVE-2021-24543.json new file mode 100644 index 0000000000..e00447c3ee --- /dev/null +++ b/2021/CVE-2021-24543.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968676, + "name": "CVE-2021-24543", + "full_name": "Live-Hack-CVE\/CVE-2021-24543", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24543", + "description": "The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:08Z", + "updated_at": "2022-12-28T11:29:08Z", + "pushed_at": "2022-12-28T11:29:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24555.json b/2021/CVE-2021-24555.json new file mode 100644 index 0000000000..c2e9634d4f --- /dev/null +++ b/2021/CVE-2021-24555.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969515, + "name": "CVE-2021-24555", + "full_name": "Live-Hack-CVE\/CVE-2021-24555", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24555", + "description": "The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, makin CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:00Z", + "updated_at": "2022-12-28T11:32:00Z", + "pushed_at": "2022-12-28T11:32:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24570.json b/2021/CVE-2021-24570.json new file mode 100644 index 0000000000..907330dfb0 --- /dev/null +++ b/2021/CVE-2021-24570.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968642, + "name": "CVE-2021-24570", + "full_name": "Live-Hack-CVE\/CVE-2021-24570", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24570", + "description": "The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:01Z", + "updated_at": "2022-12-28T11:29:01Z", + "pushed_at": "2022-12-28T11:29:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24595.json b/2021/CVE-2021-24595.json new file mode 100644 index 0000000000..33330dad40 --- /dev/null +++ b/2021/CVE-2021-24595.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960462, + "name": "CVE-2021-24595", + "full_name": "Live-Hack-CVE\/CVE-2021-24595", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24595", + "description": "The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:23Z", + "updated_at": "2022-12-28T10:58:23Z", + "pushed_at": "2022-12-28T10:58:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24615.json b/2021/CVE-2021-24615.json new file mode 100644 index 0000000000..65b218f515 --- /dev/null +++ b/2021/CVE-2021-24615.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960423, + "name": "CVE-2021-24615", + "full_name": "Live-Hack-CVE\/CVE-2021-24615", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24615", + "description": "The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:16Z", + "updated_at": "2022-12-28T10:58:16Z", + "pushed_at": "2022-12-28T10:58:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24626.json b/2021/CVE-2021-24626.json new file mode 100644 index 0000000000..bea7420728 --- /dev/null +++ b/2021/CVE-2021-24626.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960557, + "name": "CVE-2021-24626", + "full_name": "Live-Hack-CVE\/CVE-2021-24626", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24626", + "description": "The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it i CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:44Z", + "updated_at": "2022-12-28T10:58:44Z", + "pushed_at": "2022-12-28T10:58:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24642.json b/2021/CVE-2021-24642.json new file mode 100644 index 0000000000..1987e0a864 --- /dev/null +++ b/2021/CVE-2021-24642.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960442, + "name": "CVE-2021-24642", + "full_name": "Live-Hack-CVE\/CVE-2021-24642", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24642", + "description": "The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:19Z", + "updated_at": "2022-12-28T10:58:19Z", + "pushed_at": "2022-12-28T10:58:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24651.json b/2021/CVE-2021-24651.json new file mode 100644 index 0000000000..1d3050ee05 --- /dev/null +++ b/2021/CVE-2021-24651.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960477, + "name": "CVE-2021-24651", + "full_name": "Live-Hack-CVE\/CVE-2021-24651", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24651", + "description": "The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:26Z", + "updated_at": "2022-12-28T10:58:26Z", + "pushed_at": "2022-12-28T10:58:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24683.json b/2021/CVE-2021-24683.json new file mode 100644 index 0000000000..493abc18ad --- /dev/null +++ b/2021/CVE-2021-24683.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960488, + "name": "CVE-2021-24683", + "full_name": "Live-Hack-CVE\/CVE-2021-24683", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24683", + "description": "The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:30Z", + "updated_at": "2022-12-28T10:58:30Z", + "pushed_at": "2022-12-28T10:58:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24685.json b/2021/CVE-2021-24685.json new file mode 100644 index 0000000000..f9e6e9cf2f --- /dev/null +++ b/2021/CVE-2021-24685.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968661, + "name": "CVE-2021-24685", + "full_name": "Live-Hack-CVE\/CVE-2021-24685", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24685", + "description": "The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the paylo CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:05Z", + "updated_at": "2022-12-28T11:29:05Z", + "pushed_at": "2022-12-28T11:29:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24695.json b/2021/CVE-2021-24695.json new file mode 100644 index 0000000000..3a8d0e7157 --- /dev/null +++ b/2021/CVE-2021-24695.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960542, + "name": "CVE-2021-24695", + "full_name": "Live-Hack-CVE\/CVE-2021-24695", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24695", + "description": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:40Z", + "updated_at": "2022-12-28T10:58:40Z", + "pushed_at": "2022-12-28T10:58:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24730.json b/2021/CVE-2021-24730.json new file mode 100644 index 0000000000..51e955d8ea --- /dev/null +++ b/2021/CVE-2021-24730.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968816, + "name": "CVE-2021-24730", + "full_name": "Live-Hack-CVE\/CVE-2021-24730", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24730", + "description": "The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:32Z", + "updated_at": "2022-12-28T11:29:32Z", + "pushed_at": "2022-12-28T11:29:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24739.json b/2021/CVE-2021-24739.json new file mode 100644 index 0000000000..34df625e06 --- /dev/null +++ b/2021/CVE-2021-24739.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960291, + "name": "CVE-2021-24739", + "full_name": "Live-Hack-CVE\/CVE-2021-24739", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24739", + "description": "The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:49Z", + "updated_at": "2022-12-28T10:57:49Z", + "pushed_at": "2022-12-28T10:57:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24822.json b/2021/CVE-2021-24822.json new file mode 100644 index 0000000000..e0e70a8edf --- /dev/null +++ b/2021/CVE-2021-24822.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960393, + "name": "CVE-2021-24822", + "full_name": "Live-Hack-CVE\/CVE-2021-24822", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24822", + "description": "The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:09Z", + "updated_at": "2022-12-28T10:58:09Z", + "pushed_at": "2022-12-28T10:58:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-24930.json b/2021/CVE-2021-24930.json new file mode 100644 index 0000000000..2b91d91510 --- /dev/null +++ b/2021/CVE-2021-24930.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947496, + "name": "CVE-2021-24930", + "full_name": "Live-Hack-CVE\/CVE-2021-24930", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-24930", + "description": "The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:25Z", + "updated_at": "2022-12-28T10:11:25Z", + "pushed_at": "2022-12-28T10:11:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-25094.json b/2021/CVE-2021-25094.json index 15ff385bd8..5e6ab87a82 100644 --- a/2021/CVE-2021-25094.json +++ b/2021/CVE-2021-25094.json @@ -85,5 +85,34 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 582968880, + "name": "CVE-2021-25094", + "full_name": "Live-Hack-CVE\/CVE-2021-25094", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-25094", + "description": "The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot \".\", this can bypass extension control implemented in the plugin. Mo CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:49Z", + "updated_at": "2022-12-28T11:29:49Z", + "pushed_at": "2022-12-28T11:29:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-25956.json b/2021/CVE-2021-25956.json new file mode 100644 index 0000000000..91788947d5 --- /dev/null +++ b/2021/CVE-2021-25956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903584, + "name": "CVE-2021-25956", + "full_name": "Live-Hack-CVE\/CVE-2021-25956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-25956", + "description": "In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overw CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:26Z", + "updated_at": "2022-12-28T07:28:26Z", + "pushed_at": "2022-12-28T07:28:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-26251.json b/2021/CVE-2021-26251.json new file mode 100644 index 0000000000..15e27dfa0d --- /dev/null +++ b/2021/CVE-2021-26251.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912291, + "name": "CVE-2021-26251", + "full_name": "Live-Hack-CVE\/CVE-2021-26251", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-26251", + "description": "Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:51Z", + "updated_at": "2022-12-28T08:02:51Z", + "pushed_at": "2022-12-28T08:02:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-27853.json b/2021/CVE-2021-27853.json new file mode 100644 index 0000000000..262405f94d --- /dev/null +++ b/2021/CVE-2021-27853.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924236, + "name": "CVE-2021-27853", + "full_name": "Live-Hack-CVE\/CVE-2021-27853", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-27853", + "description": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC\/SNAP headers. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:26Z", + "updated_at": "2022-12-28T08:48:26Z", + "pushed_at": "2022-12-28T08:48:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-28275.json b/2021/CVE-2021-28275.json new file mode 100644 index 0000000000..6d3a2a1c1d --- /dev/null +++ b/2021/CVE-2021-28275.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923078, + "name": "CVE-2021-28275", + "full_name": "Live-Hack-CVE\/CVE-2021-28275", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-28275", + "description": "A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:05Z", + "updated_at": "2022-12-28T08:44:05Z", + "pushed_at": "2022-12-28T08:44:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-28276.json b/2021/CVE-2021-28276.json new file mode 100644 index 0000000000..0a6cf68f4d --- /dev/null +++ b/2021/CVE-2021-28276.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923060, + "name": "CVE-2021-28276", + "full_name": "Live-Hack-CVE\/CVE-2021-28276", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-28276", + "description": "A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:01Z", + "updated_at": "2022-12-28T08:44:01Z", + "pushed_at": "2022-12-28T08:44:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-28277.json b/2021/CVE-2021-28277.json new file mode 100644 index 0000000000..a41639e7e5 --- /dev/null +++ b/2021/CVE-2021-28277.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923031, + "name": "CVE-2021-28277", + "full_name": "Live-Hack-CVE\/CVE-2021-28277", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-28277", + "description": "A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:54Z", + "updated_at": "2022-12-28T08:43:54Z", + "pushed_at": "2022-12-28T08:43:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-28278.json b/2021/CVE-2021-28278.json new file mode 100644 index 0000000000..ef54ae78ca --- /dev/null +++ b/2021/CVE-2021-28278.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922992, + "name": "CVE-2021-28278", + "full_name": "Live-Hack-CVE\/CVE-2021-28278", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-28278", + "description": "A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:43Z", + "updated_at": "2022-12-28T08:43:43Z", + "pushed_at": "2022-12-28T08:43:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-28476.json b/2021/CVE-2021-28476.json index cb30008eb4..321b47e28d 100644 --- a/2021/CVE-2021-28476.json +++ b/2021/CVE-2021-28476.json @@ -65,35 +65,6 @@ "watchers": 10, "score": 0 }, - { - "id": 471563181, - "name": "0vercl0k", - "full_name": "2273852279qqs\/0vercl0k", - "owner": { - "login": "2273852279qqs", - "id": 101910961, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101910961?v=4", - "html_url": "https:\/\/github.com\/2273852279qqs" - }, - "html_url": "https:\/\/github.com\/2273852279qqs\/0vercl0k", - "description": "PoC for CVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch.sys.", - "fork": false, - "created_at": "2022-03-19T01:33:04Z", - "updated_at": "2022-03-19T01:33:04Z", - "pushed_at": "2022-03-19T01:33:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 482583152, "name": "0vercl0k", diff --git a/2021/CVE-2021-28480.json b/2021/CVE-2021-28480.json index b9a00f634c..19cea55171 100644 --- a/2021/CVE-2021-28480.json +++ b/2021/CVE-2021-28480.json @@ -27,34 +27,5 @@ "forks": 9, "watchers": 11, "score": 0 - }, - { - "id": 475777282, - "name": "CVE-2021-28480", - "full_name": "Threonic\/CVE-2021-28480", - "owner": { - "login": "Threonic", - "id": 49891027, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49891027?v=4", - "html_url": "https:\/\/github.com\/Threonic" - }, - "html_url": "https:\/\/github.com\/Threonic\/CVE-2021-28480", - "description": null, - "fork": false, - "created_at": "2022-03-30T07:57:43Z", - "updated_at": "2022-03-30T07:57:43Z", - "pushed_at": "2022-03-30T07:57:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-29440.json b/2021/CVE-2021-29440.json index 06630ec1b9..4089b7e18f 100644 --- a/2021/CVE-2021-29440.json +++ b/2021/CVE-2021-29440.json @@ -27,5 +27,34 @@ "forks": 3, "watchers": 6, "score": 0 + }, + { + "id": 582971821, + "name": "CVE-2021-29440", + "full_name": "Live-Hack-CVE\/CVE-2021-29440", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-29440", + "description": "Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addre CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:40:08Z", + "updated_at": "2022-12-28T11:40:08Z", + "pushed_at": "2022-12-28T11:40:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-29441.json b/2021/CVE-2021-29441.json deleted file mode 100644 index 76fbd31a82..0000000000 --- a/2021/CVE-2021-29441.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 470076597, - "name": "CVE-2021-29441", - "full_name": "bysinks\/CVE-2021-29441", - "owner": { - "login": "bysinks", - "id": 50199185, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50199185?v=4", - "html_url": "https:\/\/github.com\/bysinks" - }, - "html_url": "https:\/\/github.com\/bysinks\/CVE-2021-29441", - "description": null, - "fork": false, - "created_at": "2022-03-15T08:53:59Z", - "updated_at": "2022-07-01T08:44:29Z", - "pushed_at": "2022-03-15T08:56:39Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-30130.json b/2021/CVE-2021-30130.json new file mode 100644 index 0000000000..ba8647d89d --- /dev/null +++ b/2021/CVE-2021-30130.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902965, + "name": "CVE-2021-30130", + "full_name": "Live-Hack-CVE\/CVE-2021-30130", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-30130", + "description": "phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:57Z", + "updated_at": "2022-12-28T07:25:57Z", + "pushed_at": "2022-12-28T07:25:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-30498.json b/2021/CVE-2021-30498.json new file mode 100644 index 0000000000..a1b6db4d5f --- /dev/null +++ b/2021/CVE-2021-30498.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935005, + "name": "CVE-2021-30498", + "full_name": "Live-Hack-CVE\/CVE-2021-30498", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-30498", + "description": "A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:38Z", + "updated_at": "2022-12-28T09:27:38Z", + "pushed_at": "2022-12-28T09:27:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-30682.json b/2021/CVE-2021-30682.json deleted file mode 100644 index e3fc713263..0000000000 --- a/2021/CVE-2021-30682.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 417419424, - "name": "csp-playground", - "full_name": "threatnix\/csp-playground", - "owner": { - "login": "threatnix", - "id": 63774126, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/63774126?v=4", - "html_url": "https:\/\/github.com\/threatnix" - }, - "html_url": "https:\/\/github.com\/threatnix\/csp-playground", - "description": "CSP Playground for CVE-2021-30682", - "fork": false, - "created_at": "2021-10-15T08:10:02Z", - "updated_at": "2022-08-03T09:54:49Z", - "pushed_at": "2022-03-24T07:38:41Z", - "stargazers_count": 8, - "watchers_count": 8, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 8, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-30955.json b/2021/CVE-2021-30955.json index 66db542aee..d0e60ee77d 100644 --- a/2021/CVE-2021-30955.json +++ b/2021/CVE-2021-30955.json @@ -1,149 +1,4 @@ [ - { - "id": 464524453, - "name": "CVE-2021-30955", - "full_name": "timb-machine-mirrors\/CVE-2021-30955", - "owner": { - "login": "timb-machine-mirrors", - "id": 49810875, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49810875?v=4", - "html_url": "https:\/\/github.com\/timb-machine-mirrors" - }, - "html_url": "https:\/\/github.com\/timb-machine-mirrors\/CVE-2021-30955", - "description": null, - "fork": false, - "created_at": "2022-02-28T14:54:10Z", - "updated_at": "2022-02-28T14:54:22Z", - "pushed_at": "2022-02-28T14:54:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 464663598, - "name": "CVE-2021-30955-POC", - "full_name": "nickorlow\/CVE-2021-30955-POC", - "owner": { - "login": "nickorlow", - "id": 56371027, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56371027?v=4", - "html_url": "https:\/\/github.com\/nickorlow" - }, - "html_url": "https:\/\/github.com\/nickorlow\/CVE-2021-30955-POC", - "description": "Jake Jame's proof of concept wrapped into an iOS app for CVE-2021-30955", - "fork": false, - "created_at": "2022-02-28T22:23:51Z", - "updated_at": "2022-06-01T11:14:21Z", - "pushed_at": "2022-02-28T22:27:53Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - }, - { - "id": 464677668, - "name": "CVE-2021-30955-POC-IPA", - "full_name": "verygenericname\/CVE-2021-30955-POC-IPA", - "owner": { - "login": "verygenericname", - "id": 87825638, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/87825638?v=4", - "html_url": "https:\/\/github.com\/verygenericname" - }, - "html_url": "https:\/\/github.com\/verygenericname\/CVE-2021-30955-POC-IPA", - "description": "https:\/\/gist.github.com\/jakeajames\/37f72c58c775bfbdda3aa9575149a8aa compiled into a ipa 15.0-15.2b1", - "fork": false, - "created_at": "2022-02-28T23:28:39Z", - "updated_at": "2022-03-25T17:16:23Z", - "pushed_at": "2022-03-01T11:39:28Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 3, - "score": 0 - }, - { - "id": 464887929, - "name": "desc_race", - "full_name": "b1n4r1b01\/desc_race", - "owner": { - "login": "b1n4r1b01", - "id": 46951815, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46951815?v=4", - "html_url": "https:\/\/github.com\/b1n4r1b01" - }, - "html_url": "https:\/\/github.com\/b1n4r1b01\/desc_race", - "description": "iOS 15.1 kernel exploit POC for CVE-2021-30955", - "fork": false, - "created_at": "2022-03-01T12:41:03Z", - "updated_at": "2022-12-20T13:36:56Z", - "pushed_at": "2022-03-01T16:11:31Z", - "stargazers_count": 248, - "watchers_count": 248, - "has_discussions": false, - "forks_count": 47, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 47, - "watchers": 248, - "score": 0 - }, - { - "id": 469611099, - "name": "desc_race_A15", - "full_name": "markie-dev\/desc_race_A15", - "owner": { - "login": "markie-dev", - "id": 34432591, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34432591?v=4", - "html_url": "https:\/\/github.com\/markie-dev" - }, - "html_url": "https:\/\/github.com\/markie-dev\/desc_race_A15", - "description": "CVE-2021-30955 iOS 15.1.1 POC for 6GB RAM devices (A14-A15)", - "fork": false, - "created_at": "2022-03-14T06:42:45Z", - "updated_at": "2022-10-31T06:52:27Z", - "pushed_at": "2022-03-14T07:58:37Z", - "stargazers_count": 47, - "watchers_count": 47, - "has_discussions": false, - "forks_count": 14, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 14, - "watchers": 47, - "score": 0 - }, { "id": 470172833, "name": "desc_race", diff --git a/2021/CVE-2021-31166.json b/2021/CVE-2021-31166.json index 9d5bc09846..ec81772275 100644 --- a/2021/CVE-2021-31166.json +++ b/2021/CVE-2021-31166.json @@ -211,53 +211,6 @@ "watchers": 2, "score": 0 }, - { - "id": 467221883, - "name": "CVE-2021-31166", - "full_name": "mauricelambert\/CVE-2021-31166", - "owner": { - "login": "mauricelambert", - "id": 50479118, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50479118?v=4", - "html_url": "https:\/\/github.com\/mauricelambert" - }, - "html_url": "https:\/\/github.com\/mauricelambert\/CVE-2021-31166", - "description": "CVE-2021-31166: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.", - "fork": false, - "created_at": "2022-03-07T18:56:52Z", - "updated_at": "2022-06-11T23:34:22Z", - "pushed_at": "2022-03-16T21:21:14Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "bluescreen", - "crash", - "cve", - "cve-2021-31166", - "denial-of-service", - "dos", - "exploit", - "iis", - "metasploit", - "microsoft", - "nmap", - "payload", - "powershell", - "python3", - "ruby", - "vulnerability", - "webserver" - ], - "visibility": "public", - "forks": 1, - "watchers": 4, - "score": 0 - }, { "id": 569183785, "name": "Home-Demolisher", diff --git a/2021/CVE-2021-31525.json b/2021/CVE-2021-31525.json new file mode 100644 index 0000000000..2054ed09c3 --- /dev/null +++ b/2021/CVE-2021-31525.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971658, + "name": "CVE-2021-31525", + "full_name": "Live-Hack-CVE\/CVE-2021-31525", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-31525", + "description": "net\/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:37Z", + "updated_at": "2022-12-28T11:39:37Z", + "pushed_at": "2022-12-28T11:39:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index e524c95258..1446deaf95 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -1039,10 +1039,10 @@ "description": "Sudo Baron Samedit Exploit", "fork": false, "created_at": "2021-03-15T17:37:02Z", - "updated_at": "2022-12-27T09:29:59Z", + "updated_at": "2022-12-28T06:26:32Z", "pushed_at": "2022-01-13T05:48:01Z", - "stargazers_count": 557, - "watchers_count": 557, + "stargazers_count": 558, + "watchers_count": 558, "has_discussions": false, "forks_count": 156, "allow_forking": true, @@ -1051,7 +1051,7 @@ "topics": [], "visibility": "public", "forks": 156, - "watchers": 557, + "watchers": 558, "score": 0 }, { @@ -1344,35 +1344,6 @@ "watchers": 0, "score": 0 }, - { - "id": 466126446, - "name": "CVE-2021-3156", - "full_name": "puckiestyle\/CVE-2021-3156", - "owner": { - "login": "puckiestyle", - "id": 57447087, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57447087?v=4", - "html_url": "https:\/\/github.com\/puckiestyle" - }, - "html_url": "https:\/\/github.com\/puckiestyle\/CVE-2021-3156", - "description": null, - "fork": false, - "created_at": "2022-03-04T13:06:51Z", - "updated_at": "2022-06-12T04:07:19Z", - "pushed_at": "2022-03-04T13:11:57Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, { "id": 471181143, "name": "CVE-2021-3156", diff --git a/2021/CVE-2021-32001.json b/2021/CVE-2021-32001.json new file mode 100644 index 0000000000..42e74437e6 --- /dev/null +++ b/2021/CVE-2021-32001.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946202, + "name": "CVE-2021-32001", + "full_name": "Live-Hack-CVE\/CVE-2021-32001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-32001", + "description": "K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This iss CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:08Z", + "updated_at": "2022-12-28T10:07:08Z", + "pushed_at": "2022-12-28T10:07:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-32099.json b/2021/CVE-2021-32099.json deleted file mode 100644 index 789df14a9c..0000000000 --- a/2021/CVE-2021-32099.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 466400226, - "name": "CVE-2021-32099", - "full_name": "akr3ch\/CVE-2021-32099", - "owner": { - "login": "akr3ch", - "id": 97300177, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97300177?v=4", - "html_url": "https:\/\/github.com\/akr3ch" - }, - "html_url": "https:\/\/github.com\/akr3ch\/CVE-2021-32099", - "description": "CVE-2021-32099", - "fork": false, - "created_at": "2022-03-05T08:53:45Z", - "updated_at": "2022-03-05T08:53:45Z", - "pushed_at": "2022-03-05T09:01:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-32399.json b/2021/CVE-2021-32399.json deleted file mode 100644 index ef48c22af5..0000000000 --- a/2021/CVE-2021-32399.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476675393, - "name": "linux-4.19.72_CVE-2021-32399", - "full_name": "nanopathi\/linux-4.19.72_CVE-2021-32399", - "owner": { - "login": "nanopathi", - "id": 26024136, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26024136?v=4", - "html_url": "https:\/\/github.com\/nanopathi" - }, - "html_url": "https:\/\/github.com\/nanopathi\/linux-4.19.72_CVE-2021-32399", - "description": null, - "fork": false, - "created_at": "2022-04-01T10:29:20Z", - "updated_at": "2022-04-01T10:37:11Z", - "pushed_at": "2022-12-09T13:39:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-32607.json b/2021/CVE-2021-32607.json new file mode 100644 index 0000000000..ecf8930f41 --- /dev/null +++ b/2021/CVE-2021-32607.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971673, + "name": "CVE-2021-32607", + "full_name": "Live-Hack-CVE\/CVE-2021-32607", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-32607", + "description": "An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views\/PrivateMessages\/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:41Z", + "updated_at": "2022-12-28T11:39:41Z", + "pushed_at": "2022-12-28T11:39:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-32608.json b/2021/CVE-2021-32608.json new file mode 100644 index 0000000000..6d54fca082 --- /dev/null +++ b/2021/CVE-2021-32608.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971696, + "name": "CVE-2021-32608", + "full_name": "Live-Hack-CVE\/CVE-2021-32608", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-32608", + "description": "An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views\/Boards\/Partials\/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:44Z", + "updated_at": "2022-12-28T11:39:44Z", + "pushed_at": "2022-12-28T11:39:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-32682.json b/2021/CVE-2021-32682.json new file mode 100644 index 0000000000..38db776de0 --- /dev/null +++ b/2021/CVE-2021-32682.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971518, + "name": "CVE-2021-32682", + "full_name": "Live-Hack-CVE\/CVE-2021-32682", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-32682", + "description": "elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were pa CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:03Z", + "updated_at": "2022-12-28T11:39:03Z", + "pushed_at": "2022-12-28T11:39:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-32686.json b/2021/CVE-2021-32686.json new file mode 100644 index 0000000000..e8020a9bf0 --- /dev/null +++ b/2021/CVE-2021-32686.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923589, + "name": "CVE-2021-32686", + "full_name": "Live-Hack-CVE\/CVE-2021-32686", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-32686", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:00Z", + "updated_at": "2022-12-28T08:46:00Z", + "pushed_at": "2022-12-28T08:46:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33064.json b/2021/CVE-2021-33064.json new file mode 100644 index 0000000000..21bc61bb41 --- /dev/null +++ b/2021/CVE-2021-33064.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935598, + "name": "CVE-2021-33064", + "full_name": "Live-Hack-CVE\/CVE-2021-33064", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33064", + "description": "Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:31Z", + "updated_at": "2022-12-28T09:29:31Z", + "pushed_at": "2022-12-28T09:29:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33159.json b/2021/CVE-2021-33159.json new file mode 100644 index 0000000000..36e0b05b85 --- /dev/null +++ b/2021/CVE-2021-33159.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902627, + "name": "CVE-2021-33159", + "full_name": "Live-Hack-CVE\/CVE-2021-33159", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33159", + "description": "Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:41Z", + "updated_at": "2022-12-28T07:24:41Z", + "pushed_at": "2022-12-28T07:24:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33164.json b/2021/CVE-2021-33164.json new file mode 100644 index 0000000000..1f6a4bd15d --- /dev/null +++ b/2021/CVE-2021-33164.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913075, + "name": "CVE-2021-33164", + "full_name": "Live-Hack-CVE\/CVE-2021-33164", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33164", + "description": "Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:45Z", + "updated_at": "2022-12-28T08:05:45Z", + "pushed_at": "2022-12-28T08:05:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33196.json b/2021/CVE-2021-33196.json new file mode 100644 index 0000000000..5e95cd85ea --- /dev/null +++ b/2021/CVE-2021-33196.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971390, + "name": "CVE-2021-33196", + "full_name": "Live-Hack-CVE\/CVE-2021-33196", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33196", + "description": "In archive\/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:37Z", + "updated_at": "2022-12-28T11:38:37Z", + "pushed_at": "2022-12-28T11:38:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33574.json b/2021/CVE-2021-33574.json new file mode 100644 index 0000000000..1016c13b4b --- /dev/null +++ b/2021/CVE-2021-33574.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982442, + "name": "CVE-2021-33574", + "full_name": "Live-Hack-CVE\/CVE-2021-33574", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33574", + "description": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:05Z", + "updated_at": "2022-12-28T12:18:05Z", + "pushed_at": "2022-12-28T12:18:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33618.json b/2021/CVE-2021-33618.json new file mode 100644 index 0000000000..d027db67de --- /dev/null +++ b/2021/CVE-2021-33618.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903547, + "name": "CVE-2021-33618", + "full_name": "Live-Hack-CVE\/CVE-2021-33618", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33618", + "description": "Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:19Z", + "updated_at": "2022-12-28T07:28:19Z", + "pushed_at": "2022-12-28T07:28:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-33816.json b/2021/CVE-2021-33816.json new file mode 100644 index 0000000000..e9df2a8220 --- /dev/null +++ b/2021/CVE-2021-33816.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903566, + "name": "CVE-2021-33816", + "full_name": "Live-Hack-CVE\/CVE-2021-33816", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-33816", + "description": "The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:23Z", + "updated_at": "2022-12-28T07:28:23Z", + "pushed_at": "2022-12-28T07:28:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34566.json b/2021/CVE-2021-34566.json new file mode 100644 index 0000000000..cf823a089a --- /dev/null +++ b/2021/CVE-2021-34566.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925453, + "name": "CVE-2021-34566", + "full_name": "Live-Hack-CVE\/CVE-2021-34566", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34566", + "description": "In WAGO I\/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:55Z", + "updated_at": "2022-12-28T08:52:55Z", + "pushed_at": "2022-12-28T08:52:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34567.json b/2021/CVE-2021-34567.json new file mode 100644 index 0000000000..b0ecfabf65 --- /dev/null +++ b/2021/CVE-2021-34567.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925463, + "name": "CVE-2021-34567", + "full_name": "Live-Hack-CVE\/CVE-2021-34567", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34567", + "description": "In WAGO I\/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:58Z", + "updated_at": "2022-12-28T08:52:58Z", + "pushed_at": "2022-12-28T08:53:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34568.json b/2021/CVE-2021-34568.json new file mode 100644 index 0000000000..868ad0fdb1 --- /dev/null +++ b/2021/CVE-2021-34568.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925483, + "name": "CVE-2021-34568", + "full_name": "Live-Hack-CVE\/CVE-2021-34568", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34568", + "description": "In WAGO I\/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:53:02Z", + "updated_at": "2022-12-28T08:53:02Z", + "pushed_at": "2022-12-28T08:53:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34569.json b/2021/CVE-2021-34569.json new file mode 100644 index 0000000000..45bc144332 --- /dev/null +++ b/2021/CVE-2021-34569.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925497, + "name": "CVE-2021-34569", + "full_name": "Live-Hack-CVE\/CVE-2021-34569", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34569", + "description": "In WAGO I\/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:53:06Z", + "updated_at": "2022-12-28T08:53:06Z", + "pushed_at": "2022-12-28T08:53:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34577.json b/2021/CVE-2021-34577.json new file mode 100644 index 0000000000..4dd058c145 --- /dev/null +++ b/2021/CVE-2021-34577.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936793, + "name": "CVE-2021-34577", + "full_name": "Live-Hack-CVE\/CVE-2021-34577", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34577", + "description": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:44Z", + "updated_at": "2022-12-28T09:33:44Z", + "pushed_at": "2022-12-28T09:33:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-34579.json b/2021/CVE-2021-34579.json new file mode 100644 index 0000000000..24f925e802 --- /dev/null +++ b/2021/CVE-2021-34579.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936869, + "name": "CVE-2021-34579", + "full_name": "Live-Hack-CVE\/CVE-2021-34579", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-34579", + "description": "In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:59Z", + "updated_at": "2022-12-28T09:33:59Z", + "pushed_at": "2022-12-28T09:34:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-35587.json b/2021/CVE-2021-35587.json deleted file mode 100644 index ccb7f09d0d..0000000000 --- a/2021/CVE-2021-35587.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 469587526, - "name": "CVE-2021-35587", - "full_name": "antx-code\/CVE-2021-35587", - "owner": { - "login": "antx-code", - "id": 7877940, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7877940?v=4", - "html_url": "https:\/\/github.com\/antx-code" - }, - "html_url": "https:\/\/github.com\/antx-code\/CVE-2021-35587", - "description": "Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587", - "fork": false, - "created_at": "2022-03-14T05:03:54Z", - "updated_at": "2022-11-30T05:22:25Z", - "pushed_at": "2022-03-14T05:07:01Z", - "stargazers_count": 37, - "watchers_count": 37, - "has_discussions": false, - "forks_count": 9, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 9, - "watchers": 37, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-35942.json b/2021/CVE-2021-35942.json new file mode 100644 index 0000000000..fa59eea920 --- /dev/null +++ b/2021/CVE-2021-35942.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982417, + "name": "CVE-2021-35942", + "full_name": "Live-Hack-CVE\/CVE-2021-35942", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-35942", + "description": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix\/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have b CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:02Z", + "updated_at": "2022-12-28T12:18:02Z", + "pushed_at": "2022-12-28T12:18:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3597.json b/2021/CVE-2021-3597.json new file mode 100644 index 0000000000..f906df0736 --- /dev/null +++ b/2021/CVE-2021-3597.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957778, + "name": "CVE-2021-3597", + "full_name": "Live-Hack-CVE\/CVE-2021-3597", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3597", + "description": "A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:41Z", + "updated_at": "2022-12-28T10:48:41Z", + "pushed_at": "2022-12-28T10:48:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36260.json b/2021/CVE-2021-36260.json index 54c20b9c0a..fcab14bb35 100644 --- a/2021/CVE-2021-36260.json +++ b/2021/CVE-2021-36260.json @@ -76,7 +76,7 @@ "stargazers_count": 44, "watchers_count": 44, "has_discussions": false, - "forks_count": 9, + "forks_count": 10, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -85,7 +85,7 @@ "exploit" ], "visibility": "public", - "forks": 9, + "forks": 10, "watchers": 44, "score": 0 } diff --git a/2021/CVE-2021-3629.json b/2021/CVE-2021-3629.json new file mode 100644 index 0000000000..4484553685 --- /dev/null +++ b/2021/CVE-2021-3629.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957797, + "name": "CVE-2021-3629", + "full_name": "Live-Hack-CVE\/CVE-2021-3629", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3629", + "description": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http\/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Fina CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:45Z", + "updated_at": "2022-12-28T10:48:45Z", + "pushed_at": "2022-12-28T10:48:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3634.json b/2021/CVE-2021-3634.json new file mode 100644 index 0000000000..e3cf17dd1f --- /dev/null +++ b/2021/CVE-2021-3634.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934907, + "name": "CVE-2021-3634", + "full_name": "Live-Hack-CVE\/CVE-2021-3634", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3634", + "description": "A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:19Z", + "updated_at": "2022-12-28T09:27:19Z", + "pushed_at": "2022-12-28T09:27:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36369.json b/2021/CVE-2021-36369.json new file mode 100644 index 0000000000..eadd39ac9c --- /dev/null +++ b/2021/CVE-2021-36369.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947051, + "name": "CVE-2021-36369", + "full_name": "Live-Hack-CVE\/CVE-2021-36369", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36369", + "description": "An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. T CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:57Z", + "updated_at": "2022-12-28T10:09:57Z", + "pushed_at": "2022-12-28T10:09:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36779.json b/2021/CVE-2021-36779.json new file mode 100644 index 0000000000..78453a0de7 --- /dev/null +++ b/2021/CVE-2021-36779.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958265, + "name": "CVE-2021-36779", + "full_name": "Live-Hack-CVE\/CVE-2021-36779", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36779", + "description": "A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:33Z", + "updated_at": "2022-12-28T10:50:33Z", + "pushed_at": "2022-12-28T10:50:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36780.json b/2021/CVE-2021-36780.json new file mode 100644 index 0000000000..1a0e2244e9 --- /dev/null +++ b/2021/CVE-2021-36780.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958366, + "name": "CVE-2021-36780", + "full_name": "Live-Hack-CVE\/CVE-2021-36780", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36780", + "description": "A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:57Z", + "updated_at": "2022-12-28T10:50:57Z", + "pushed_at": "2022-12-28T10:50:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36783.json b/2021/CVE-2021-36783.json new file mode 100644 index 0000000000..06e6c0d00b --- /dev/null +++ b/2021/CVE-2021-36783.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946183, + "name": "CVE-2021-36783", + "full_name": "Live-Hack-CVE\/CVE-2021-36783", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36783", + "description": "A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:04Z", + "updated_at": "2022-12-28T10:07:04Z", + "pushed_at": "2022-12-28T10:07:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36885.json b/2021/CVE-2021-36885.json new file mode 100644 index 0000000000..6815da5b23 --- /dev/null +++ b/2021/CVE-2021-36885.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947416, + "name": "CVE-2021-36885", + "full_name": "Live-Hack-CVE\/CVE-2021-36885", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36885", + "description": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:10Z", + "updated_at": "2022-12-28T10:11:10Z", + "pushed_at": "2022-12-28T10:11:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-36886.json b/2021/CVE-2021-36886.json new file mode 100644 index 0000000000..44a5761474 --- /dev/null +++ b/2021/CVE-2021-36886.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947437, + "name": "CVE-2021-36886", + "full_name": "Live-Hack-CVE\/CVE-2021-36886", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-36886", + "description": "Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:14Z", + "updated_at": "2022-12-28T10:11:14Z", + "pushed_at": "2022-12-28T10:11:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3717.json b/2021/CVE-2021-3717.json new file mode 100644 index 0000000000..ea9519503a --- /dev/null +++ b/2021/CVE-2021-3717.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957812, + "name": "CVE-2021-3717", + "full_name": "Live-Hack-CVE\/CVE-2021-3717", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3717", + "description": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:49Z", + "updated_at": "2022-12-28T10:48:49Z", + "pushed_at": "2022-12-28T10:48:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-37706.json b/2021/CVE-2021-37706.json new file mode 100644 index 0000000000..595451f6a8 --- /dev/null +++ b/2021/CVE-2021-37706.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893498, + "name": "CVE-2021-37706", + "full_name": "Live-Hack-CVE\/CVE-2021-37706", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-37706", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction op CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:33Z", + "updated_at": "2022-12-28T06:47:33Z", + "pushed_at": "2022-12-28T06:47:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3778.json b/2021/CVE-2021-3778.json new file mode 100644 index 0000000000..866eefa56e --- /dev/null +++ b/2021/CVE-2021-3778.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891671, + "name": "CVE-2021-3778", + "full_name": "Live-Hack-CVE\/CVE-2021-3778", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3778", + "description": "vim is vulnerable to Heap-based Buffer Overflow CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:22Z", + "updated_at": "2022-12-28T06:40:22Z", + "pushed_at": "2022-12-28T06:40:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3796.json b/2021/CVE-2021-3796.json new file mode 100644 index 0000000000..d0ea9959f8 --- /dev/null +++ b/2021/CVE-2021-3796.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891647, + "name": "CVE-2021-3796", + "full_name": "Live-Hack-CVE\/CVE-2021-3796", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3796", + "description": "vim is vulnerable to Use After Free CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:18Z", + "updated_at": "2022-12-28T06:40:18Z", + "pushed_at": "2022-12-28T06:40:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3864.json b/2021/CVE-2021-3864.json deleted file mode 100644 index ca4ac93a2e..0000000000 --- a/2021/CVE-2021-3864.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 476460097, - "name": "cve-2021-3864", - "full_name": "walac\/cve-2021-3864", - "owner": { - "login": "walac", - "id": 611309, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/611309?v=4", - "html_url": "https:\/\/github.com\/walac" - }, - "html_url": "https:\/\/github.com\/walac\/cve-2021-3864", - "description": "Test for cve-2021-3864", - "fork": false, - "created_at": "2022-03-31T20:03:04Z", - "updated_at": "2022-08-15T15:42:17Z", - "pushed_at": "2022-04-01T20:40:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-38819.json b/2021/CVE-2021-38819.json index ce75cce3be..7e734ef557 100644 --- a/2021/CVE-2021-38819.json +++ b/2021/CVE-2021-38819.json @@ -27,5 +27,34 @@ "forks": 0, "watchers": 1, "score": 0 + }, + { + "id": 582901992, + "name": "CVE-2021-38819", + "full_name": "Live-Hack-CVE\/CVE-2021-38819", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-38819", + "description": "A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through \"id\" parameter on the album page. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:03Z", + "updated_at": "2022-12-28T07:22:03Z", + "pushed_at": "2022-12-28T07:22:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-38827.json b/2021/CVE-2021-38827.json new file mode 100644 index 0000000000..5bee57da59 --- /dev/null +++ b/2021/CVE-2021-38827.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923845, + "name": "CVE-2021-38827", + "full_name": "Live-Hack-CVE\/CVE-2021-38827", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-38827", + "description": "Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:58Z", + "updated_at": "2022-12-28T08:46:58Z", + "pushed_at": "2022-12-28T08:47:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-38828.json b/2021/CVE-2021-38828.json new file mode 100644 index 0000000000..3f38ad1633 --- /dev/null +++ b/2021/CVE-2021-38828.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923865, + "name": "CVE-2021-38828", + "full_name": "Live-Hack-CVE\/CVE-2021-38828", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-38828", + "description": "Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:02Z", + "updated_at": "2022-12-28T08:47:02Z", + "pushed_at": "2022-12-28T08:47:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-39144.json b/2021/CVE-2021-39144.json new file mode 100644 index 0000000000..b6095ed402 --- /dev/null +++ b/2021/CVE-2021-39144.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936416, + "name": "CVE-2021-39144", + "full_name": "Live-Hack-CVE\/CVE-2021-39144", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-39144", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's secur CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:17Z", + "updated_at": "2022-12-28T09:32:18Z", + "pushed_at": "2022-12-28T09:32:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3928.json b/2021/CVE-2021-3928.json new file mode 100644 index 0000000000..eee728e673 --- /dev/null +++ b/2021/CVE-2021-3928.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971940, + "name": "CVE-2021-3928", + "full_name": "Live-Hack-CVE\/CVE-2021-3928", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3928", + "description": "vim is vulnerable to Use of Uninitialized Variable CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:40:35Z", + "updated_at": "2022-12-28T11:40:35Z", + "pushed_at": "2022-12-28T11:40:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-39661.json b/2021/CVE-2021-39661.json new file mode 100644 index 0000000000..7789b00ea7 --- /dev/null +++ b/2021/CVE-2021-39661.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970428, + "name": "CVE-2021-39661", + "full_name": "Live-Hack-CVE\/CVE-2021-39661", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-39661", + "description": "In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoC CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:15Z", + "updated_at": "2022-12-28T11:35:16Z", + "pushed_at": "2022-12-28T11:35:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3974.json b/2021/CVE-2021-3974.json new file mode 100644 index 0000000000..3066226b9a --- /dev/null +++ b/2021/CVE-2021-3974.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971796, + "name": "CVE-2021-3974", + "full_name": "Live-Hack-CVE\/CVE-2021-3974", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3974", + "description": "vim is vulnerable to Use After Free CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:40:04Z", + "updated_at": "2022-12-28T11:40:04Z", + "pushed_at": "2022-12-28T11:40:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3984.json b/2021/CVE-2021-3984.json new file mode 100644 index 0000000000..cf9036d312 --- /dev/null +++ b/2021/CVE-2021-3984.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971753, + "name": "CVE-2021-3984", + "full_name": "Live-Hack-CVE\/CVE-2021-3984", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3984", + "description": "vim is vulnerable to Heap-based Buffer Overflow CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:55Z", + "updated_at": "2022-12-28T11:39:55Z", + "pushed_at": "2022-12-28T11:39:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-3998.json b/2021/CVE-2021-3998.json new file mode 100644 index 0000000000..cd8e7d910f --- /dev/null +++ b/2021/CVE-2021-3998.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983502, + "name": "CVE-2021-3998", + "full_name": "Live-Hack-CVE\/CVE-2021-3998", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-3998", + "description": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:45Z", + "updated_at": "2022-12-28T12:21:45Z", + "pushed_at": "2022-12-28T12:21:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-4001.json b/2021/CVE-2021-4001.json new file mode 100644 index 0000000000..bea055704a --- /dev/null +++ b/2021/CVE-2021-4001.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934855, + "name": "CVE-2021-4001", + "full_name": "Live-Hack-CVE\/CVE-2021-4001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4001", + "description": "A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel\/bpf\/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:08Z", + "updated_at": "2022-12-28T09:27:08Z", + "pushed_at": "2022-12-28T09:27:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40017.json b/2021/CVE-2021-40017.json new file mode 100644 index 0000000000..f44a17783a --- /dev/null +++ b/2021/CVE-2021-40017.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959773, + "name": "CVE-2021-40017", + "full_name": "Live-Hack-CVE\/CVE-2021-40017", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40017", + "description": "The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:04Z", + "updated_at": "2022-12-28T10:56:04Z", + "pushed_at": "2022-12-28T10:56:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40158.json b/2021/CVE-2021-40158.json new file mode 100644 index 0000000000..5d9f5dad17 --- /dev/null +++ b/2021/CVE-2021-40158.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934314, + "name": "CVE-2021-40158", + "full_name": "Live-Hack-CVE\/CVE-2021-40158", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40158", + "description": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:27Z", + "updated_at": "2022-12-28T09:25:27Z", + "pushed_at": "2022-12-28T09:25:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40159.json b/2021/CVE-2021-40159.json new file mode 100644 index 0000000000..72d812da93 --- /dev/null +++ b/2021/CVE-2021-40159.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934272, + "name": "CVE-2021-40159", + "full_name": "Live-Hack-CVE\/CVE-2021-40159", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40159", + "description": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:20Z", + "updated_at": "2022-12-28T09:25:20Z", + "pushed_at": "2022-12-28T09:25:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-4019.json b/2021/CVE-2021-4019.json new file mode 100644 index 0000000000..f610ca7625 --- /dev/null +++ b/2021/CVE-2021-4019.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971774, + "name": "CVE-2021-4019", + "full_name": "Live-Hack-CVE\/CVE-2021-4019", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4019", + "description": "vim is vulnerable to Heap-based Buffer Overflow CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:59Z", + "updated_at": "2022-12-28T11:39:59Z", + "pushed_at": "2022-12-28T11:40:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40226.json b/2021/CVE-2021-40226.json new file mode 100644 index 0000000000..8b94987b56 --- /dev/null +++ b/2021/CVE-2021-40226.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936185, + "name": "CVE-2021-40226", + "full_name": "Live-Hack-CVE\/CVE-2021-40226", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40226", + "description": "xpdfreader 4.03 is vulnerable to Buffer Overflow. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:26Z", + "updated_at": "2022-12-28T09:31:27Z", + "pushed_at": "2022-12-28T09:31:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40272.json b/2021/CVE-2021-40272.json new file mode 100644 index 0000000000..3e3a182564 --- /dev/null +++ b/2021/CVE-2021-40272.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914425, + "name": "CVE-2021-40272", + "full_name": "Live-Hack-CVE\/CVE-2021-40272", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40272", + "description": "OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:52Z", + "updated_at": "2022-12-28T08:10:52Z", + "pushed_at": "2022-12-28T08:10:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40289.json b/2021/CVE-2021-40289.json new file mode 100644 index 0000000000..132ff5c2aa --- /dev/null +++ b/2021/CVE-2021-40289.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936689, + "name": "CVE-2021-40289", + "full_name": "Live-Hack-CVE\/CVE-2021-40289", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40289", + "description": "mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:18Z", + "updated_at": "2022-12-28T09:33:18Z", + "pushed_at": "2022-12-28T09:33:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40303.json b/2021/CVE-2021-40303.json index 0733ea5e06..0434bf3001 100644 --- a/2021/CVE-2021-40303.json +++ b/2021/CVE-2021-40303.json @@ -27,5 +27,34 @@ "forks": 0, "watchers": 1, "score": 0 + }, + { + "id": 582980303, + "name": "CVE-2021-40303", + "full_name": "Live-Hack-CVE\/CVE-2021-40303", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40303", + "description": "perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via \/clients\/profile. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:10:46Z", + "updated_at": "2022-12-28T12:10:46Z", + "pushed_at": "2022-12-28T12:10:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index 2ce52235d9..e056919775 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -71,10 +71,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2022-12-27T03:54:54Z", + "updated_at": "2022-12-28T09:49:19Z", "pushed_at": "2022-06-21T14:52:05Z", - "stargazers_count": 700, - "watchers_count": 700, + "stargazers_count": 701, + "watchers_count": 701, "has_discussions": false, "forks_count": 148, "allow_forking": true, @@ -85,7 +85,7 @@ ], "visibility": "public", "forks": 148, - "watchers": 700, + "watchers": 701, "score": 0 }, { @@ -122,35 +122,6 @@ "watchers": 0, "score": 0 }, - { - "id": 452430809, - "name": "CVE-2021-4034", - "full_name": "nobelh\/CVE-2021-4034", - "owner": { - "login": "nobelh", - "id": 42378484, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42378484?v=4", - "html_url": "https:\/\/github.com\/nobelh" - }, - "html_url": "https:\/\/github.com\/nobelh\/CVE-2021-4034", - "description": "Polkit pkexec CVE-2021-4034 Proof Of Concept and Patching", - "fork": false, - "created_at": "2022-01-26T20:32:10Z", - "updated_at": "2022-02-08T20:59:44Z", - "pushed_at": "2022-03-03T21:20:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 0, - "score": 0 - }, { "id": 452715280, "name": "poppy", @@ -214,35 +185,6 @@ "watchers": 325, "score": 0 }, - { - "id": 452783558, - "name": "CVE-2021-4034", - "full_name": "c3c\/CVE-2021-4034", - "owner": { - "login": "c3c", - "id": 2326945, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2326945?v=4", - "html_url": "https:\/\/github.com\/c3c" - }, - "html_url": "https:\/\/github.com\/c3c\/CVE-2021-4034", - "description": "Pre-compiled builds for CVE-2021-4034", - "fork": false, - "created_at": "2022-01-27T17:43:24Z", - "updated_at": "2022-12-27T20:50:15Z", - "pushed_at": "2022-03-30T15:38:20Z", - "stargazers_count": 13, - "watchers_count": 13, - "has_discussions": false, - "forks_count": 8, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 8, - "watchers": 13, - "score": 0 - }, { "id": 453053476, "name": "PwnKit-CVE-2021-4034", @@ -393,189 +335,6 @@ "watchers": 2, "score": 0 }, - { - "id": 459341469, - "name": "codeql-sample-polkit", - "full_name": "hohn\/codeql-sample-polkit", - "owner": { - "login": "hohn", - "id": 2253228, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2253228?v=4", - "html_url": "https:\/\/github.com\/hohn" - }, - "html_url": "https:\/\/github.com\/hohn\/codeql-sample-polkit", - "description": "All stages of exploring the polkit CVE-2021-4034 using codeql", - "fork": false, - "created_at": "2022-02-14T22:09:44Z", - "updated_at": "2022-04-06T21:01:41Z", - "pushed_at": "2022-03-15T18:42:24Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, - { - "id": 464340102, - "name": "PwnKit-CVE-2021-4034", - "full_name": "movvamrocks\/PwnKit-CVE-2021-4034", - "owner": { - "login": "movvamrocks", - "id": 22263143, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22263143?v=4", - "html_url": "https:\/\/github.com\/movvamrocks" - }, - "html_url": "https:\/\/github.com\/movvamrocks\/PwnKit-CVE-2021-4034", - "description": null, - "fork": false, - "created_at": "2022-02-28T04:41:40Z", - "updated_at": "2022-02-28T04:46:26Z", - "pushed_at": "2022-02-28T04:46:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 465309758, - "name": "CVE-2021-4034", - "full_name": "Squirre17\/CVE-2021-4034", - "owner": { - "login": "Squirre17", - "id": 79578430, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79578430?v=4", - "html_url": "https:\/\/github.com\/Squirre17" - }, - "html_url": "https:\/\/github.com\/Squirre17\/CVE-2021-4034", - "description": "polkit-pkexec local privilege escalation vulnerability", - "fork": false, - "created_at": "2022-03-02T13:07:00Z", - "updated_at": "2022-03-02T13:18:31Z", - "pushed_at": "2022-03-02T13:19:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 465839695, - "name": "make_me_root", - "full_name": "Jesrat\/make_me_root", - "owner": { - "login": "Jesrat", - "id": 18082153, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18082153?v=4", - "html_url": "https:\/\/github.com\/Jesrat" - }, - "html_url": "https:\/\/github.com\/Jesrat\/make_me_root", - "description": "CVE-2021-4034", - "fork": false, - "created_at": "2022-03-03T18:29:11Z", - "updated_at": "2022-03-03T19:40:05Z", - "pushed_at": "2022-03-03T19:40:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 465973416, - "name": "cve-2021-4034", - "full_name": "defhacks\/cve-2021-4034", - "owner": { - "login": "defhacks", - "id": 4090053, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4090053?v=4", - "html_url": "https:\/\/github.com\/defhacks" - }, - "html_url": "https:\/\/github.com\/defhacks\/cve-2021-4034", - "description": "port of CVE-2021-4034 exploit to Rust\/cargo for my own edification", - "fork": false, - "created_at": "2022-03-04T03:47:53Z", - "updated_at": "2022-07-04T19:12:02Z", - "pushed_at": "2022-03-04T05:32:29Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, - { - "id": 466178605, - "name": "CVE-2021-4034-exploit", - "full_name": "PentesterSoham\/CVE-2021-4034-exploit", - "owner": { - "login": "PentesterSoham", - "id": 96686822, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96686822?v=4", - "html_url": "https:\/\/github.com\/PentesterSoham" - }, - "html_url": "https:\/\/github.com\/PentesterSoham\/CVE-2021-4034-exploit", - "description": "I am not the real author of this exploits.. There are two exploits available, use any of one if it doesn't work use another one... Manual for this two exploit has given in README file. Please read that file before using it.. :) ", - "fork": false, - "created_at": "2022-03-04T15:41:12Z", - "updated_at": "2022-08-16T11:11:01Z", - "pushed_at": "2022-03-04T15:49:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "cve-2021-4034", - "exploit", - "exploitation", - "exploits", - "hacking", - "poc", - "vulnerability" - ], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 466553344, "name": "pwnkit-pwn", @@ -615,180 +374,6 @@ "watchers": 3, "score": 0 }, - { - "id": 467743719, - "name": "CVE-2021-4034-bug-root", - "full_name": "bakhtiyarsierad\/CVE-2021-4034-bug-root", - "owner": { - "login": "bakhtiyarsierad", - "id": 7570307, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7570307?v=4", - "html_url": "https:\/\/github.com\/bakhtiyarsierad" - }, - "html_url": "https:\/\/github.com\/bakhtiyarsierad\/CVE-2021-4034-bug-root", - "description": null, - "fork": false, - "created_at": "2022-03-09T02:04:07Z", - "updated_at": "2022-03-09T02:04:19Z", - "pushed_at": "2022-03-09T02:04:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 467844609, - "name": "Polkit-s-Pkexec-CVE-2021-4034", - "full_name": "ITMarcin2211\/Polkit-s-Pkexec-CVE-2021-4034", - "owner": { - "login": "ITMarcin2211", - "id": 60057530, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/60057530?v=4", - "html_url": "https:\/\/github.com\/ITMarcin2211" - }, - "html_url": "https:\/\/github.com\/ITMarcin2211\/Polkit-s-Pkexec-CVE-2021-4034", - "description": "Polkit's Pkexec CVE-2021-4034 Proof Of Concept and Patching", - "fork": false, - "created_at": "2022-03-09T08:44:02Z", - "updated_at": "2022-03-09T08:51:49Z", - "pushed_at": "2022-03-09T08:54:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 468150219, - "name": "CVE-2021-4034-Linux", - "full_name": "edsonjt81\/CVE-2021-4034-Linux", - "owner": { - "login": "edsonjt81", - "id": 27496739, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27496739?v=4", - "html_url": "https:\/\/github.com\/edsonjt81" - }, - "html_url": "https:\/\/github.com\/edsonjt81\/CVE-2021-4034-Linux", - "description": null, - "fork": false, - "created_at": "2022-03-10T01:24:14Z", - "updated_at": "2022-03-10T01:24:25Z", - "pushed_at": "2022-03-10T01:24:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469303038, - "name": "CVE-2021-4034", - "full_name": "Kashiki078\/CVE-2021-4034", - "owner": { - "login": "Kashiki078", - "id": 33626505, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33626505?v=4", - "html_url": "https:\/\/github.com\/Kashiki078" - }, - "html_url": "https:\/\/github.com\/Kashiki078\/CVE-2021-4034", - "description": null, - "fork": false, - "created_at": "2022-03-13T07:40:56Z", - "updated_at": "2022-03-13T07:44:14Z", - "pushed_at": "2022-03-13T07:44:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469486171, - "name": "pwnkit-vulnerability", - "full_name": "nel0x\/pwnkit-vulnerability", - "owner": { - "login": "nel0x", - "id": 87320197, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/87320197?v=4", - "html_url": "https:\/\/github.com\/nel0x" - }, - "html_url": "https:\/\/github.com\/nel0x\/pwnkit-vulnerability", - "description": "CVE-2021-4034 (PWNKIT).", - "fork": false, - "created_at": "2022-03-13T20:24:59Z", - "updated_at": "2022-06-06T12:15:58Z", - "pushed_at": "2022-03-13T20:25:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469927703, - "name": "CVE-2021-4034", - "full_name": "TomSgn\/CVE-2021-4034", - "owner": { - "login": "TomSgn", - "id": 62591045, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/62591045?v=4", - "html_url": "https:\/\/github.com\/TomSgn" - }, - "html_url": "https:\/\/github.com\/TomSgn\/CVE-2021-4034", - "description": "pkexec --> privilege escalation", - "fork": false, - "created_at": "2022-03-14T22:42:49Z", - "updated_at": "2022-03-15T00:22:54Z", - "pushed_at": "2022-03-14T22:47:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 470778554, "name": "CVE-2021-4034", @@ -821,64 +406,6 @@ "watchers": 0, "score": 0 }, - { - "id": 473151472, - "name": "berdav-CVE-2021-4034", - "full_name": "TheJoyOfHacking\/berdav-CVE-2021-4034", - "owner": { - "login": "TheJoyOfHacking", - "id": 99463221, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99463221?v=4", - "html_url": "https:\/\/github.com\/TheJoyOfHacking" - }, - "html_url": "https:\/\/github.com\/TheJoyOfHacking\/berdav-CVE-2021-4034", - "description": null, - "fork": false, - "created_at": "2022-03-23T11:08:20Z", - "updated_at": "2022-05-06T15:35:05Z", - "pushed_at": "2022-03-23T11:08:33Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, - { - "id": 474372121, - "name": "CVE-2021-4034", - "full_name": "tzwlhack\/CVE-2021-4034", - "owner": { - "login": "tzwlhack", - "id": 86322859, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/86322859?v=4", - "html_url": "https:\/\/github.com\/tzwlhack" - }, - "html_url": "https:\/\/github.com\/tzwlhack\/CVE-2021-4034", - "description": null, - "fork": false, - "created_at": "2022-03-26T14:30:11Z", - "updated_at": "2022-03-26T14:30:22Z", - "pushed_at": "2022-03-26T14:30:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 474844468, "name": "CVE-2021-4034", @@ -908,35 +435,6 @@ "watchers": 0, "score": 0 }, - { - "id": 475232490, - "name": "f_poc_cve-2021-4034", - "full_name": "jcatala\/f_poc_cve-2021-4034", - "owner": { - "login": "jcatala", - "id": 23392306, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23392306?v=4", - "html_url": "https:\/\/github.com\/jcatala" - }, - "html_url": "https:\/\/github.com\/jcatala\/f_poc_cve-2021-4034", - "description": null, - "fork": false, - "created_at": "2022-03-29T01:06:32Z", - "updated_at": "2022-03-31T21:39:25Z", - "pushed_at": "2022-03-30T21:12:43Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, { "id": 476850767, "name": "PwnKit", diff --git a/2021/CVE-2021-40345.json b/2021/CVE-2021-40345.json index 16c79aa840..cae4c0a60a 100644 --- a/2021/CVE-2021-40345.json +++ b/2021/CVE-2021-40345.json @@ -27,5 +27,34 @@ "forks": 1, "watchers": 0, "score": 0 + }, + { + "id": 582982861, + "name": "CVE-2021-40345", + "full_name": "Live-Hack-CVE\/CVE-2021-40345", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40345", + "description": "An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:36Z", + "updated_at": "2022-12-28T12:19:36Z", + "pushed_at": "2022-12-28T12:19:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-40348.json b/2021/CVE-2021-40348.json new file mode 100644 index 0000000000..dce407403e --- /dev/null +++ b/2021/CVE-2021-40348.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947624, + "name": "CVE-2021-40348", + "full_name": "Live-Hack-CVE\/CVE-2021-40348", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40348", + "description": "Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:50Z", + "updated_at": "2022-12-28T10:11:50Z", + "pushed_at": "2022-12-28T10:11:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40369.json b/2021/CVE-2021-40369.json new file mode 100644 index 0000000000..fab18eae01 --- /dev/null +++ b/2021/CVE-2021-40369.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960528, + "name": "CVE-2021-40369", + "full_name": "Live-Hack-CVE\/CVE-2021-40369", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-40369", + "description": "A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:37Z", + "updated_at": "2022-12-28T10:58:37Z", + "pushed_at": "2022-12-28T10:58:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40373.json b/2021/CVE-2021-40373.json deleted file mode 100644 index 75fc760fb7..0000000000 --- a/2021/CVE-2021-40373.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 401705362, - "name": "CVE-2021-40373", - "full_name": "maikroservice\/CVE-2021-40373", - "owner": { - "login": "maikroservice", - "id": 20245897, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/20245897?v=4", - "html_url": "https:\/\/github.com\/maikroservice" - }, - "html_url": "https:\/\/github.com\/maikroservice\/CVE-2021-40373", - "description": "CVE-2021-40373 - remote code execution", - "fork": false, - "created_at": "2021-08-31T13:03:10Z", - "updated_at": "2022-03-24T09:34:07Z", - "pushed_at": "2022-03-24T09:34:04Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-40438.json b/2021/CVE-2021-40438.json index 08afb55f8f..12e9e3beb7 100644 --- a/2021/CVE-2021-40438.json +++ b/2021/CVE-2021-40438.json @@ -1,33 +1,4 @@ [ - { - "id": 477381613, - "name": "CVE-2021-40438", - "full_name": "Kashkovsky\/CVE-2021-40438", - "owner": { - "login": "Kashkovsky", - "id": 13631794, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13631794?v=4", - "html_url": "https:\/\/github.com\/Kashkovsky" - }, - "html_url": "https:\/\/github.com\/Kashkovsky\/CVE-2021-40438", - "description": "Apache forward request CVE", - "fork": false, - "created_at": "2022-04-03T15:24:24Z", - "updated_at": "2022-08-29T18:18:59Z", - "pushed_at": "2022-04-03T18:34:35Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 5, - "score": 0 - }, { "id": 501852714, "name": "CVE-2021-40438", diff --git a/2021/CVE-2021-40449.json b/2021/CVE-2021-40449.json deleted file mode 100644 index 841b86c426..0000000000 --- a/2021/CVE-2021-40449.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 466221042, - "name": "voidmap", - "full_name": "SamuelTulach\/voidmap", - "owner": { - "login": "SamuelTulach", - "id": 16323119, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16323119?v=4", - "html_url": "https:\/\/github.com\/SamuelTulach" - }, - "html_url": "https:\/\/github.com\/SamuelTulach\/voidmap", - "description": "Using CVE-2021-40449 to manual map kernel mode driver", - "fork": false, - "created_at": "2022-03-04T17:55:52Z", - "updated_at": "2022-12-27T10:18:55Z", - "pushed_at": "2022-03-05T18:34:25Z", - "stargazers_count": 56, - "watchers_count": 56, - "has_discussions": false, - "forks_count": 27, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 27, - "watchers": 56, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-4069.json b/2021/CVE-2021-4069.json new file mode 100644 index 0000000000..cdde22eed3 --- /dev/null +++ b/2021/CVE-2021-4069.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971723, + "name": "CVE-2021-4069", + "full_name": "Live-Hack-CVE\/CVE-2021-4069", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4069", + "description": "vim is vulnerable to Use After Free CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:52Z", + "updated_at": "2022-12-28T11:39:52Z", + "pushed_at": "2022-12-28T11:39:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-40875.json b/2021/CVE-2021-40875.json deleted file mode 100644 index 6a5a59beb0..0000000000 --- a/2021/CVE-2021-40875.json +++ /dev/null @@ -1,35 +0,0 @@ -[ - { - "id": 463282170, - "name": "TestRail-files.md5-IAC-scanner", - "full_name": "Lul\/TestRail-files.md5-IAC-scanner", - "owner": { - "login": "Lul", - "id": 59487177, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/59487177?v=4", - "html_url": "https:\/\/github.com\/Lul" - }, - "html_url": "https:\/\/github.com\/Lul\/TestRail-files.md5-IAC-scanner", - "description": "Python scanner for TestRail servers vulnerable to CVE-2021-40875", - "fork": false, - "created_at": "2022-02-24T19:52:01Z", - "updated_at": "2022-02-25T01:56:15Z", - "pushed_at": "2022-02-28T14:53:40Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-40875", - "python3", - "testrail" - ], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-41073.json b/2021/CVE-2021-41073.json deleted file mode 100644 index 5c45996d62..0000000000 --- a/2021/CVE-2021-41073.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 465436142, - "name": "Linux_LPE_io_uring_CVE-2021-41073", - "full_name": "chompie1337\/Linux_LPE_io_uring_CVE-2021-41073", - "owner": { - "login": "chompie1337", - "id": 56364411, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56364411?v=4", - "html_url": "https:\/\/github.com\/chompie1337" - }, - "html_url": "https:\/\/github.com\/chompie1337\/Linux_LPE_io_uring_CVE-2021-41073", - "description": null, - "fork": false, - "created_at": "2022-03-02T19:07:37Z", - "updated_at": "2022-12-17T06:43:09Z", - "pushed_at": "2022-03-08T15:37:34Z", - "stargazers_count": 85, - "watchers_count": 85, - "has_discussions": false, - "forks_count": 18, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 18, - "watchers": 85, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-41141.json b/2021/CVE-2021-41141.json new file mode 100644 index 0000000000..24db0c5d26 --- /dev/null +++ b/2021/CVE-2021-41141.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923443, + "name": "CVE-2021-41141", + "full_name": "Live-Hack-CVE\/CVE-2021-41141", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-41141", + "description": "PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error\/failure occurs, it is found that the function returns without releasing the currently held locks. This could CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:45:29Z", + "updated_at": "2022-12-28T08:45:29Z", + "pushed_at": "2022-12-28T08:45:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-41277.json b/2021/CVE-2021-41277.json index 08588b1c2d..09c55909dc 100644 --- a/2021/CVE-2021-41277.json +++ b/2021/CVE-2021-41277.json @@ -27,34 +27,5 @@ "forks": 1, "watchers": 4, "score": 0 - }, - { - "id": 468638331, - "name": "CVE-2021-41277", - "full_name": "Chen-ling-afk\/CVE-2021-41277", - "owner": { - "login": "Chen-ling-afk", - "id": 76235286, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76235286?v=4", - "html_url": "https:\/\/github.com\/Chen-ling-afk" - }, - "html_url": "https:\/\/github.com\/Chen-ling-afk\/CVE-2021-41277", - "description": "MetaBase 任意文件读取", - "fork": false, - "created_at": "2022-03-11T06:39:38Z", - "updated_at": "2022-08-25T14:19:45Z", - "pushed_at": "2022-03-11T07:48:18Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-41313.json b/2021/CVE-2021-41313.json new file mode 100644 index 0000000000..43d2704edd --- /dev/null +++ b/2021/CVE-2021-41313.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924694, + "name": "CVE-2021-41313", + "full_name": "Live-Hack-CVE\/CVE-2021-41313", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-41313", + "description": "Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the \/secure\/admin\/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:14Z", + "updated_at": "2022-12-28T08:50:14Z", + "pushed_at": "2022-12-28T08:50:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-41338.json b/2021/CVE-2021-41338.json deleted file mode 100644 index 833be672e3..0000000000 --- a/2021/CVE-2021-41338.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 472963061, - "name": "firewall-cve", - "full_name": "Mario-Kart-Felix\/firewall-cve", - "owner": { - "login": "Mario-Kart-Felix", - "id": 76971465, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76971465?v=4", - "html_url": "https:\/\/github.com\/Mario-Kart-Felix" - }, - "html_url": "https:\/\/github.com\/Mario-Kart-Felix\/firewall-cve", - "description": "Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability CVE-2021-41338 Security Vulnerability Released: Oct 12, 2021 Assigning CNA: Microsoft MITRE CVE-2021-41338 CVSS:3.1 5.5 \/ 5.0 Attack Vector Local Attack Complexity Low Privileges Required Low User Interaction None Scope Unchanged Confidentiality High Integrity None Availability None Exploit Code Maturity Proof-of-Concept Remediation Level Official Fix Report Confidence Confirmed Please see Common Vulnerability Scoring System for more information on the definition of these metrics. Exploitability The following table provides an exploitability assessment for this vulnerability at the time of original publication. Yes No Exploitation Less Likely", - "fork": false, - "created_at": "2022-03-22T22:53:32Z", - "updated_at": "2022-03-22T22:56:29Z", - "pushed_at": "2022-03-29T02:29:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-41381.json b/2021/CVE-2021-41381.json new file mode 100644 index 0000000000..c1e0984a04 --- /dev/null +++ b/2021/CVE-2021-41381.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936394, + "name": "CVE-2021-41381", + "full_name": "Live-Hack-CVE\/CVE-2021-41381", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-41381", + "description": "Payara Micro Community 5.2021.6 and below allows Directory Traversal. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:12Z", + "updated_at": "2022-12-28T09:32:12Z", + "pushed_at": "2022-12-28T09:32:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-4160.json b/2021/CVE-2021-4160.json new file mode 100644 index 0000000000..666b20ae77 --- /dev/null +++ b/2021/CVE-2021-4160.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969075, + "name": "CVE-2021-4160", + "full_name": "Live-Hack-CVE\/CVE-2021-4160", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4160", + "description": "There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:29Z", + "updated_at": "2022-12-28T11:30:29Z", + "pushed_at": "2022-12-28T11:30:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-41773.json b/2021/CVE-2021-41773.json index b28393f84c..66c04033e4 100644 --- a/2021/CVE-2021-41773.json +++ b/2021/CVE-2021-41773.json @@ -238,259 +238,6 @@ "watchers": 0, "score": 0 }, - { - "id": 464271089, - "name": "CVE-2021-41773", - "full_name": "skentagon\/CVE-2021-41773", - "owner": { - "login": "skentagon", - "id": 49702576, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49702576?v=4", - "html_url": "https:\/\/github.com\/skentagon" - }, - "html_url": "https:\/\/github.com\/skentagon\/CVE-2021-41773", - "description": null, - "fork": false, - "created_at": "2022-02-27T22:39:58Z", - "updated_at": "2022-03-04T00:11:58Z", - "pushed_at": "2022-03-04T00:05:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 467687901, - "name": "CVE-2021-41773", - "full_name": "mauricelambert\/CVE-2021-41773", - "owner": { - "login": "mauricelambert", - "id": 50479118, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50479118?v=4", - "html_url": "https:\/\/github.com\/mauricelambert" - }, - "html_url": "https:\/\/github.com\/mauricelambert\/CVE-2021-41773", - "description": "These Metasploit, Nmap, Python and Ruby scripts detects and exploits CVE-2021-41773 with RCE and local file disclosure.", - "fork": false, - "created_at": "2022-03-08T21:55:53Z", - "updated_at": "2022-03-23T16:56:34Z", - "pushed_at": "2022-03-14T07:34:49Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "cve-2021-41773", - "detection", - "exploit", - "metasploit", - "nmap", - "python3", - "rce", - "ruby", - "scanner", - "vulnerability" - ], - "visibility": "public", - "forks": 2, - "watchers": 1, - "score": 0 - }, - { - "id": 468909402, - "name": "CVE-2021-41773", - "full_name": "the29a\/CVE-2021-41773", - "owner": { - "login": "the29a", - "id": 4436697, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4436697?v=4", - "html_url": "https:\/\/github.com\/the29a" - }, - "html_url": "https:\/\/github.com\/the29a\/CVE-2021-41773", - "description": "Small PoC of CVE-2021-41773", - "fork": false, - "created_at": "2022-03-11T21:50:35Z", - "updated_at": "2022-03-11T21:52:35Z", - "pushed_at": "2022-03-11T22:10:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469203660, - "name": "CVE-2021-41773", - "full_name": "thehackersbrain\/CVE-2021-41773", - "owner": { - "login": "thehackersbrain", - "id": 36809025, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/36809025?v=4", - "html_url": "https:\/\/github.com\/thehackersbrain" - }, - "html_url": "https:\/\/github.com\/thehackersbrain\/CVE-2021-41773", - "description": "Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773", - "fork": false, - "created_at": "2022-03-12T21:24:55Z", - "updated_at": "2022-11-21T15:34:17Z", - "pushed_at": "2022-03-12T21:30:58Z", - "stargazers_count": 58, - "watchers_count": 58, - "has_discussions": false, - "forks_count": 24, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "apache2", - "cve-2021-41773", - "exploit", - "gauravraj", - "lfi", - "python", - "rce", - "thehackersbrain" - ], - "visibility": "public", - "forks": 24, - "watchers": 58, - "score": 0 - }, - { - "id": 469576020, - "name": "CVE-2021-41773", - "full_name": "honypot\/CVE-2021-41773", - "owner": { - "login": "honypot", - "id": 101309325, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101309325?v=4", - "html_url": "https:\/\/github.com\/honypot" - }, - "html_url": "https:\/\/github.com\/honypot\/CVE-2021-41773", - "description": null, - "fork": false, - "created_at": "2022-03-14T04:08:56Z", - "updated_at": "2022-03-14T04:09:11Z", - "pushed_at": "2022-03-14T04:09:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469821841, - "name": "CVE-2021-41773", - "full_name": "Fa1c0n35\/CVE-2021-41773", - "owner": { - "login": "Fa1c0n35", - "id": 33335488, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33335488?v=4", - "html_url": "https:\/\/github.com\/Fa1c0n35" - }, - "html_url": "https:\/\/github.com\/Fa1c0n35\/CVE-2021-41773", - "description": null, - "fork": false, - "created_at": "2022-03-14T16:43:49Z", - "updated_at": "2022-03-14T16:44:00Z", - "pushed_at": "2022-03-14T16:43:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 474747864, - "name": "CVE-2021-41773-", - "full_name": "Evil-d0Zz\/CVE-2021-41773-", - "owner": { - "login": "Evil-d0Zz", - "id": 80478753, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/80478753?v=4", - "html_url": "https:\/\/github.com\/Evil-d0Zz" - }, - "html_url": "https:\/\/github.com\/Evil-d0Zz\/CVE-2021-41773-", - "description": null, - "fork": false, - "created_at": "2022-03-27T20:10:30Z", - "updated_at": "2022-03-27T20:10:30Z", - "pushed_at": "2022-03-27T20:10:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 474963195, - "name": "CVE-2021-41773", - "full_name": "puckiestyle\/CVE-2021-41773", - "owner": { - "login": "puckiestyle", - "id": 57447087, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57447087?v=4", - "html_url": "https:\/\/github.com\/puckiestyle" - }, - "html_url": "https:\/\/github.com\/puckiestyle\/CVE-2021-41773", - "description": null, - "fork": false, - "created_at": "2022-03-28T11:02:46Z", - "updated_at": "2022-03-28T11:03:00Z", - "pushed_at": "2022-03-28T11:41:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 475931011, "name": "CVE-2021-41773", @@ -520,35 +267,6 @@ "watchers": 0, "score": 0 }, - { - "id": 476112666, - "name": "Reserch-CVE-2021-41773", - "full_name": "DoTuan1\/Reserch-CVE-2021-41773", - "owner": { - "login": "DoTuan1", - "id": 63194321, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/63194321?v=4", - "html_url": "https:\/\/github.com\/DoTuan1" - }, - "html_url": "https:\/\/github.com\/DoTuan1\/Reserch-CVE-2021-41773", - "description": null, - "fork": false, - "created_at": "2022-03-31T01:48:33Z", - "updated_at": "2022-03-31T01:54:45Z", - "pushed_at": "2022-03-31T03:03:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 477111512, "name": "netsec-polygon", diff --git a/2021/CVE-2021-4192.json b/2021/CVE-2021-4192.json new file mode 100644 index 0000000000..180ce1c176 --- /dev/null +++ b/2021/CVE-2021-4192.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971711, + "name": "CVE-2021-4192", + "full_name": "Live-Hack-CVE\/CVE-2021-4192", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4192", + "description": "vim is vulnerable to Use After Free CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:48Z", + "updated_at": "2022-12-28T11:39:48Z", + "pushed_at": "2022-12-28T11:39:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-4193.json b/2021/CVE-2021-4193.json new file mode 100644 index 0000000000..4714e98bb6 --- /dev/null +++ b/2021/CVE-2021-4193.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971841, + "name": "CVE-2021-4193", + "full_name": "Live-Hack-CVE\/CVE-2021-4193", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4193", + "description": "vim is vulnerable to Out-of-bounds Read CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:40:12Z", + "updated_at": "2022-12-28T11:40:12Z", + "pushed_at": "2022-12-28T11:40:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42013.json b/2021/CVE-2021-42013.json index 769f06957f..8329d988aa 100644 --- a/2021/CVE-2021-42013.json +++ b/2021/CVE-2021-42013.json @@ -86,105 +86,6 @@ "watchers": 1, "score": 0 }, - { - "id": 466011549, - "name": "CVE-2022-22947-Spring-Cloud-Gateway", - "full_name": "tangxiaofeng7\/CVE-2022-22947-Spring-Cloud-Gateway", - "owner": { - "login": "tangxiaofeng7", - "id": 45926593, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45926593?v=4", - "html_url": "https:\/\/github.com\/tangxiaofeng7" - }, - "html_url": "https:\/\/github.com\/tangxiaofeng7\/CVE-2022-22947-Spring-Cloud-Gateway", - "description": "CVE-2021-42013批量", - "fork": false, - "created_at": "2022-03-04T06:38:26Z", - "updated_at": "2022-11-09T18:15:27Z", - "pushed_at": "2022-03-04T10:49:00Z", - "stargazers_count": 67, - "watchers_count": 67, - "has_discussions": false, - "forks_count": 22, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 22, - "watchers": 67, - "score": 0 - }, - { - "id": 467686191, - "name": "CVE-2021-42013", - "full_name": "mauricelambert\/CVE-2021-42013", - "owner": { - "login": "mauricelambert", - "id": 50479118, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50479118?v=4", - "html_url": "https:\/\/github.com\/mauricelambert" - }, - "html_url": "https:\/\/github.com\/mauricelambert\/CVE-2021-42013", - "description": "These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure.", - "fork": false, - "created_at": "2022-03-08T21:48:40Z", - "updated_at": "2022-03-23T16:46:10Z", - "pushed_at": "2022-03-14T07:36:49Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve", - "cve-2021-42013", - "detection", - "exploit", - "metasploit", - "nmap", - "python3", - "rce", - "ruby", - "scanner", - "vulnerability" - ], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - }, - { - "id": 469575892, - "name": "CVE-2021-42013", - "full_name": "honypot\/CVE-2021-42013", - "owner": { - "login": "honypot", - "id": 101309325, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101309325?v=4", - "html_url": "https:\/\/github.com\/honypot" - }, - "html_url": "https:\/\/github.com\/honypot\/CVE-2021-42013", - "description": null, - "fork": false, - "created_at": "2022-03-14T04:08:24Z", - "updated_at": "2022-03-14T04:20:42Z", - "pushed_at": "2022-03-14T04:08:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 479265759, "name": "CVE-2021-42013", diff --git a/2021/CVE-2021-4204.json b/2021/CVE-2021-4204.json deleted file mode 100644 index 4cb4cb604d..0000000000 --- a/2021/CVE-2021-4204.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 463038208, - "name": "CVE-2021-4204", - "full_name": "tr3ee\/CVE-2021-4204", - "owner": { - "login": "tr3ee", - "id": 26628940, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26628940?v=4", - "html_url": "https:\/\/github.com\/tr3ee" - }, - "html_url": "https:\/\/github.com\/tr3ee\/CVE-2021-4204", - "description": "CVE-2021-4204: Linux Kernel eBPF Local Privilege Escalation", - "fork": false, - "created_at": "2022-02-24T06:43:56Z", - "updated_at": "2022-11-09T18:15:23Z", - "pushed_at": "2022-03-19T06:32:50Z", - "stargazers_count": 56, - "watchers_count": 56, - "has_discussions": false, - "forks_count": 9, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 9, - "watchers": 56, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-4214.json b/2021/CVE-2021-4214.json new file mode 100644 index 0000000000..daa2235b25 --- /dev/null +++ b/2021/CVE-2021-4214.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983429, + "name": "CVE-2021-4214", + "full_name": "Live-Hack-CVE\/CVE-2021-4214", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4214", + "description": "A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:32Z", + "updated_at": "2022-12-28T12:21:32Z", + "pushed_at": "2022-12-28T12:21:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42171.json b/2021/CVE-2021-42171.json deleted file mode 100644 index 3eaea29fab..0000000000 --- a/2021/CVE-2021-42171.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 411900067, - "name": "CVE-2021-42171", - "full_name": "minhnq22\/CVE-2021-42171", - "owner": { - "login": "minhnq22", - "id": 19742808, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19742808?v=4", - "html_url": "https:\/\/github.com\/minhnq22" - }, - "html_url": "https:\/\/github.com\/minhnq22\/CVE-2021-42171", - "description": "File upload to Remote Code Execution on Zenario CMS 9.0.54156", - "fork": false, - "created_at": "2021-09-30T02:44:19Z", - "updated_at": "2022-04-03T03:22:30Z", - "pushed_at": "2022-04-03T03:22:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42205.json b/2021/CVE-2021-42205.json new file mode 100644 index 0000000000..f11e506e32 --- /dev/null +++ b/2021/CVE-2021-42205.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969158, + "name": "CVE-2021-42205", + "full_name": "Live-Hack-CVE\/CVE-2021-42205", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-42205", + "description": "ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:44Z", + "updated_at": "2022-12-28T11:30:44Z", + "pushed_at": "2022-12-28T11:30:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42287.json b/2021/CVE-2021-42287.json index 754cc2db35..5a6ffd1a3c 100644 --- a/2021/CVE-2021-42287.json +++ b/2021/CVE-2021-42287.json @@ -1,33 +1,4 @@ [ - { - "id": 476650535, - "name": "Invoke-sAMSpoofing", - "full_name": "XiaoliChan\/Invoke-sAMSpoofing", - "owner": { - "login": "XiaoliChan", - "id": 30458572, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30458572?v=4", - "html_url": "https:\/\/github.com\/XiaoliChan" - }, - "html_url": "https:\/\/github.com\/XiaoliChan\/Invoke-sAMSpoofing", - "description": "CVE-2021-42287\/CVE-2021-42278 exploits in powershell", - "fork": false, - "created_at": "2022-04-01T09:10:14Z", - "updated_at": "2022-11-09T18:15:39Z", - "pushed_at": "2022-04-04T08:33:41Z", - "stargazers_count": 31, - "watchers_count": 31, - "has_discussions": false, - "forks_count": 5, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 5, - "watchers": 31, - "score": 0 - }, { "id": 581054615, "name": "noPac", diff --git a/2021/CVE-2021-4240.json b/2021/CVE-2021-4240.json new file mode 100644 index 0000000000..1f34f4cbfa --- /dev/null +++ b/2021/CVE-2021-4240.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891385, + "name": "CVE-2021-4240", + "full_name": "Live-Hack-CVE\/CVE-2021-4240", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4240", + "description": "A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src\/psm\/Service\/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:13Z", + "updated_at": "2022-12-28T06:39:13Z", + "pushed_at": "2022-12-28T06:39:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-4241.json b/2021/CVE-2021-4241.json new file mode 100644 index 0000000000..e348bc89b2 --- /dev/null +++ b/2021/CVE-2021-4241.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891357, + "name": "CVE-2021-4241", + "full_name": "Live-Hack-CVE\/CVE-2021-4241", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-4241", + "description": "A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src\/psm\/Service\/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:05Z", + "updated_at": "2022-12-28T06:39:05Z", + "pushed_at": "2022-12-28T06:39:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42662.json b/2021/CVE-2021-42662.json deleted file mode 100644 index 13e3e2da6a..0000000000 --- a/2021/CVE-2021-42662.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424326946, - "name": "CVE-2021-42662", - "full_name": "0xDeku\/CVE-2021-42662", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42662", - "description": "CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system. ", - "fork": false, - "created_at": "2021-11-03T17:51:55Z", - "updated_at": "2022-04-24T13:55:02Z", - "pushed_at": "2022-03-24T18:08:34Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 2, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 2, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42663.json b/2021/CVE-2021-42663.json deleted file mode 100644 index 9d7738b020..0000000000 --- a/2021/CVE-2021-42663.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424343690, - "name": "CVE-2021-42663", - "full_name": "0xDeku\/CVE-2021-42663", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42663", - "description": "CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system. ", - "fork": false, - "created_at": "2021-11-03T18:49:28Z", - "updated_at": "2022-04-24T13:55:00Z", - "pushed_at": "2022-03-24T18:09:07Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42664.json b/2021/CVE-2021-42664.json deleted file mode 100644 index 74d30a5e95..0000000000 --- a/2021/CVE-2021-42664.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424354876, - "name": "CVE-2021-42664", - "full_name": "0xDeku\/CVE-2021-42664", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42664", - "description": " CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system.", - "fork": false, - "created_at": "2021-11-03T19:29:57Z", - "updated_at": "2022-04-24T13:54:56Z", - "pushed_at": "2022-03-24T18:09:35Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42665.json b/2021/CVE-2021-42665.json deleted file mode 100644 index 7303ed93d8..0000000000 --- a/2021/CVE-2021-42665.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424362612, - "name": "CVE-2021-42665", - "full_name": "0xDeku\/CVE-2021-42665", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42665", - "description": "CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system. ", - "fork": false, - "created_at": "2021-11-03T19:58:58Z", - "updated_at": "2022-04-24T13:54:54Z", - "pushed_at": "2022-03-24T18:09:50Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42666.json b/2021/CVE-2021-42666.json deleted file mode 100644 index 7107a53fd8..0000000000 --- a/2021/CVE-2021-42666.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424367205, - "name": "CVE-2021-42666", - "full_name": "0xDeku\/CVE-2021-42666", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42666", - "description": "CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system. ", - "fork": false, - "created_at": "2021-11-03T20:14:58Z", - "updated_at": "2022-04-24T13:54:53Z", - "pushed_at": "2022-03-24T18:10:08Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42667.json b/2021/CVE-2021-42667.json deleted file mode 100644 index 9856fd1014..0000000000 --- a/2021/CVE-2021-42667.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424371514, - "name": "CVE-2021-42667", - "full_name": "0xDeku\/CVE-2021-42667", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42667", - "description": "CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system.", - "fork": false, - "created_at": "2021-11-03T20:31:30Z", - "updated_at": "2022-04-24T13:54:52Z", - "pushed_at": "2022-03-24T18:10:23Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42668.json b/2021/CVE-2021-42668.json deleted file mode 100644 index 391dcb459e..0000000000 --- a/2021/CVE-2021-42668.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424374708, - "name": "CVE-2021-42668", - "full_name": "0xDeku\/CVE-2021-42668", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42668", - "description": "CVE-2021-42668 - SQL Injection vulnerability in the Engineers online portal system. ", - "fork": false, - "created_at": "2021-11-03T20:43:30Z", - "updated_at": "2022-04-24T13:54:50Z", - "pushed_at": "2022-03-24T18:11:35Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42670.json b/2021/CVE-2021-42670.json deleted file mode 100644 index 339f36877e..0000000000 --- a/2021/CVE-2021-42670.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424385119, - "name": "CVE-2021-42670", - "full_name": "0xDeku\/CVE-2021-42670", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42670", - "description": "CVE-2021-42670 - SQL Injection vulnerability in the Engineers online portal system. ", - "fork": false, - "created_at": "2021-11-03T21:25:43Z", - "updated_at": "2022-04-24T13:54:49Z", - "pushed_at": "2022-03-24T18:12:05Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-42671.json b/2021/CVE-2021-42671.json deleted file mode 100644 index 06b860ae7e..0000000000 --- a/2021/CVE-2021-42671.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 424387160, - "name": "CVE-2021-42671", - "full_name": "0xDeku\/CVE-2021-42671", - "owner": { - "login": "0xDeku", - "id": 93016131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93016131?v=4", - "html_url": "https:\/\/github.com\/0xDeku" - }, - "html_url": "https:\/\/github.com\/0xDeku\/CVE-2021-42671", - "description": "CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system. ", - "fork": false, - "created_at": "2021-11-03T21:34:23Z", - "updated_at": "2022-04-24T13:54:43Z", - "pushed_at": "2022-03-24T18:12:27Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-43299.json b/2021/CVE-2021-43299.json new file mode 100644 index 0000000000..4d754212ea --- /dev/null +++ b/2021/CVE-2021-43299.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893312, + "name": "CVE-2021-43299", + "full_name": "Live-Hack-CVE\/CVE-2021-43299", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43299", + "description": "Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:49Z", + "updated_at": "2022-12-28T06:46:49Z", + "pushed_at": "2022-12-28T06:46:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43300.json b/2021/CVE-2021-43300.json new file mode 100644 index 0000000000..065f7ffa8d --- /dev/null +++ b/2021/CVE-2021-43300.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893326, + "name": "CVE-2021-43300", + "full_name": "Live-Hack-CVE\/CVE-2021-43300", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43300", + "description": "Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:52Z", + "updated_at": "2022-12-28T06:46:52Z", + "pushed_at": "2022-12-28T06:46:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43301.json b/2021/CVE-2021-43301.json new file mode 100644 index 0000000000..4bf2a3ea83 --- /dev/null +++ b/2021/CVE-2021-43301.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893413, + "name": "CVE-2021-43301", + "full_name": "Live-Hack-CVE\/CVE-2021-43301", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43301", + "description": "Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:12Z", + "updated_at": "2022-12-28T06:47:12Z", + "pushed_at": "2022-12-28T06:47:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43302.json b/2021/CVE-2021-43302.json new file mode 100644 index 0000000000..cc3c21f315 --- /dev/null +++ b/2021/CVE-2021-43302.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893425, + "name": "CVE-2021-43302", + "full_name": "Live-Hack-CVE\/CVE-2021-43302", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43302", + "description": "Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:16Z", + "updated_at": "2022-12-28T06:47:16Z", + "pushed_at": "2022-12-28T06:47:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43303.json b/2021/CVE-2021-43303.json new file mode 100644 index 0000000000..b3fd5ee7f4 --- /dev/null +++ b/2021/CVE-2021-43303.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893442, + "name": "CVE-2021-43303", + "full_name": "Live-Hack-CVE\/CVE-2021-43303", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43303", + "description": "Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:19Z", + "updated_at": "2022-12-28T06:47:19Z", + "pushed_at": "2022-12-28T06:47:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43798.json b/2021/CVE-2021-43798.json index d9c2d28c7c..f89e5ac2a9 100644 --- a/2021/CVE-2021-43798.json +++ b/2021/CVE-2021-43798.json @@ -1,33 +1,4 @@ [ - { - "id": 439241226, - "name": "CVE-2021-43798-Grafana", - "full_name": "k3rwin\/CVE-2021-43798-Grafana", - "owner": { - "login": "k3rwin", - "id": 59213152, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/59213152?v=4", - "html_url": "https:\/\/github.com\/k3rwin" - }, - "html_url": "https:\/\/github.com\/k3rwin\/CVE-2021-43798-Grafana", - "description": "CVE-2021-43798 Grafana任意文件读取", - "fork": false, - "created_at": "2021-12-17T07:03:32Z", - "updated_at": "2022-03-13T10:04:41Z", - "pushed_at": "2022-03-16T04:33:37Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, { "id": 463472397, "name": "GrafanaDirInclusion", @@ -57,35 +28,6 @@ "watchers": 0, "score": 0 }, - { - "id": 465654847, - "name": "grafana-cve-2021-43798", - "full_name": "yasin-cs-ko-ak\/grafana-cve-2021-43798", - "owner": { - "login": "yasin-cs-ko-ak", - "id": 92008211, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/92008211?v=4", - "html_url": "https:\/\/github.com\/yasin-cs-ko-ak" - }, - "html_url": "https:\/\/github.com\/yasin-cs-ko-ak\/grafana-cve-2021-43798", - "description": "This repository contains files for reproducing the vulnerability.", - "fork": false, - "created_at": "2022-03-03T09:37:46Z", - "updated_at": "2022-03-03T09:37:46Z", - "pushed_at": "2022-03-03T09:42:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 547929236, "name": "CVE-2021-43798", diff --git a/2021/CVE-2021-43804.json b/2021/CVE-2021-43804.json new file mode 100644 index 0000000000..1d8a351f70 --- /dev/null +++ b/2021/CVE-2021-43804.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893516, + "name": "CVE-2021-43804", + "full_name": "Live-Hack-CVE\/CVE-2021-43804", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43804", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packe CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:36Z", + "updated_at": "2022-12-28T06:47:37Z", + "pushed_at": "2022-12-28T06:47:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43845.json b/2021/CVE-2021-43845.json new file mode 100644 index 0000000000..c9f0016010 --- /dev/null +++ b/2021/CVE-2021-43845.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893481, + "name": "CVE-2021-43845", + "full_name": "Live-Hack-CVE\/CVE-2021-43845", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43845", + "description": "PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:30Z", + "updated_at": "2022-12-28T06:47:30Z", + "pushed_at": "2022-12-28T06:47:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43936.json b/2021/CVE-2021-43936.json deleted file mode 100644 index 0ba183b390..0000000000 --- a/2021/CVE-2021-43936.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 437671075, - "name": "CVE-2021-43936", - "full_name": "LongWayHomie\/CVE-2021-43936", - "owner": { - "login": "LongWayHomie", - "id": 63229183, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/63229183?v=4", - "html_url": "https:\/\/github.com\/LongWayHomie" - }, - "html_url": "https:\/\/github.com\/LongWayHomie\/CVE-2021-43936", - "description": "CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.", - "fork": false, - "created_at": "2021-12-12T22:31:00Z", - "updated_at": "2022-07-05T01:05:23Z", - "pushed_at": "2022-03-29T11:41:00Z", - "stargazers_count": 8, - "watchers_count": 8, - "has_discussions": false, - "forks_count": 7, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 7, - "watchers": 8, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-43946.json b/2021/CVE-2021-43946.json new file mode 100644 index 0000000000..58e051a211 --- /dev/null +++ b/2021/CVE-2021-43946.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947738, + "name": "CVE-2021-43946", + "full_name": "Live-Hack-CVE\/CVE-2021-43946", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43946", + "description": "Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the \/secure\/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:15Z", + "updated_at": "2022-12-28T10:12:15Z", + "pushed_at": "2022-12-28T10:12:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-43980.json b/2021/CVE-2021-43980.json new file mode 100644 index 0000000000..8caaecaa10 --- /dev/null +++ b/2021/CVE-2021-43980.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959852, + "name": "CVE-2021-43980", + "full_name": "Live-Hack-CVE\/CVE-2021-43980", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-43980", + "description": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:20Z", + "updated_at": "2022-12-28T10:56:20Z", + "pushed_at": "2022-12-28T10:56:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-44142.json b/2021/CVE-2021-44142.json index b97c2e7037..6373a1acd0 100644 --- a/2021/CVE-2021-44142.json +++ b/2021/CVE-2021-44142.json @@ -1,62 +1,4 @@ [ - { - "id": 475550985, - "name": "Samba-CVE-2021-44142", - "full_name": "hrsman\/Samba-CVE-2021-44142", - "owner": { - "login": "hrsman", - "id": 102617131, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102617131?v=4", - "html_url": "https:\/\/github.com\/hrsman" - }, - "html_url": "https:\/\/github.com\/hrsman\/Samba-CVE-2021-44142", - "description": null, - "fork": false, - "created_at": "2022-03-29T17:32:25Z", - "updated_at": "2022-03-29T18:25:12Z", - "pushed_at": "2022-03-29T20:43:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 475582400, - "name": "CVE-2021-44142", - "full_name": "horizon3ai\/CVE-2021-44142", - "owner": { - "login": "horizon3ai", - "id": 79593994, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79593994?v=4", - "html_url": "https:\/\/github.com\/horizon3ai" - }, - "html_url": "https:\/\/github.com\/horizon3ai\/CVE-2021-44142", - "description": null, - "fork": false, - "created_at": "2022-03-29T19:03:38Z", - "updated_at": "2022-11-12T13:55:19Z", - "pushed_at": "2022-03-29T20:47:13Z", - "stargazers_count": 8, - "watchers_count": 8, - "has_discussions": false, - "forks_count": 4, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 4, - "watchers": 8, - "score": 0 - }, { "id": 484298524, "name": "CVE-2021-44142", diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index c9298ef97b..b27dc23d10 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -177,10 +177,10 @@ "description": "CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks", "fork": false, "created_at": "2021-12-11T07:19:11Z", - "updated_at": "2022-12-27T10:30:52Z", + "updated_at": "2022-12-28T08:57:58Z", "pushed_at": "2022-12-09T07:10:04Z", - "stargazers_count": 584, - "watchers_count": 584, + "stargazers_count": 585, + "watchers_count": 585, "has_discussions": false, "forks_count": 105, "allow_forking": true, @@ -194,7 +194,7 @@ ], "visibility": "public", "forks": 105, - "watchers": 584, + "watchers": 585, "score": 0 }, { @@ -268,47 +268,6 @@ "watchers": 4, "score": 0 }, - { - "id": 437419010, - "name": "log4j-detector", - "full_name": "mergebase\/log4j-detector", - "owner": { - "login": "mergebase", - "id": 73667397, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73667397?v=4", - "html_url": "https:\/\/github.com\/mergebase" - }, - "html_url": "https:\/\/github.com\/mergebase\/log4j-detector", - "description": "Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!", - "fork": false, - "created_at": "2021-12-12T00:29:03Z", - "updated_at": "2022-12-26T18:20:52Z", - "pushed_at": "2022-03-10T18:44:50Z", - "stargazers_count": 623, - "watchers_count": 623, - "has_discussions": false, - "forks_count": 99, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-44228", - "cve-2021-45046", - "cve-2021-45105", - "cybersecurity", - "detector", - "log4j", - "log4shell", - "pentest", - "sca", - "scanner", - "vulnerability-scanner" - ], - "visibility": "public", - "forks": 99, - "watchers": 623, - "score": 0 - }, { "id": 437426386, "name": "hotpatch-for-apache-log4j2", @@ -561,35 +520,6 @@ "watchers": 359, "score": 0 }, - { - "id": 438432868, - "name": "CVE-2021-44228_scanner", - "full_name": "CERTCC\/CVE-2021-44228_scanner", - "owner": { - "login": "CERTCC", - "id": 37221555, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37221555?v=4", - "html_url": "https:\/\/github.com\/CERTCC" - }, - "html_url": "https:\/\/github.com\/CERTCC\/CVE-2021-44228_scanner", - "description": "Scanners for Jar files that may be vulnerable to CVE-2021-44228", - "fork": false, - "created_at": "2021-12-14T23:33:51Z", - "updated_at": "2022-12-24T21:32:37Z", - "pushed_at": "2022-03-23T18:12:51Z", - "stargazers_count": 342, - "watchers_count": 342, - "has_discussions": false, - "forks_count": 94, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 94, - "watchers": 342, - "score": 0 - }, { "id": 438689577, "name": "Log4j", @@ -710,35 +640,6 @@ "watchers": 3, "score": 0 }, - { - "id": 439018822, - "name": "log4j-filescan", - "full_name": "andalik\/log4j-filescan", - "owner": { - "login": "andalik", - "id": 12278569, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12278569?v=4", - "html_url": "https:\/\/github.com\/andalik" - }, - "html_url": "https:\/\/github.com\/andalik\/log4j-filescan", - "description": "Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 e CVE-2021-44832)", - "fork": false, - "created_at": "2021-12-16T14:29:05Z", - "updated_at": "2022-03-05T22:52:28Z", - "pushed_at": "2022-03-05T23:01:15Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - }, { "id": 439129728, "name": "CVE-2021-44228", @@ -797,35 +698,6 @@ "watchers": 1, "score": 0 }, - { - "id": 439496578, - "name": "PowerShell-Log4J-Scanner", - "full_name": "DANSI\/PowerShell-Log4J-Scanner", - "owner": { - "login": "DANSI", - "id": 4057240, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4057240?v=4", - "html_url": "https:\/\/github.com\/DANSI" - }, - "html_url": "https:\/\/github.com\/DANSI\/PowerShell-Log4J-Scanner", - "description": "can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046", - "fork": false, - "created_at": "2021-12-18T00:51:46Z", - "updated_at": "2021-12-31T13:32:41Z", - "pushed_at": "2022-03-29T21:43:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 440220972, "name": "CVE-2021-44228---detection-with-PowerShell", @@ -855,74 +727,6 @@ "watchers": 0, "score": 0 }, - { - "id": 440261792, - "name": "TekiumLog4jApp", - "full_name": "erickrr-bd\/TekiumLog4jApp", - "owner": { - "login": "erickrr-bd", - "id": 77643346, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/77643346?v=4", - "html_url": "https:\/\/github.com\/erickrr-bd" - }, - "html_url": "https:\/\/github.com\/erickrr-bd\/TekiumLog4jApp", - "description": "Java application vulnerable to CVE-2021-44228", - "fork": false, - "created_at": "2021-12-20T17:59:56Z", - "updated_at": "2022-02-15T20:16:38Z", - "pushed_at": "2022-03-01T00:00:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "app", - "cve-2021-44228", - "docker", - "exploitation", - "java", - "jndi", - "log4j2", - "security", - "vulnerability" - ], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 440722343, - "name": "Log4Shell-CVE-2021-44228-Demo", - "full_name": "BabooPan\/Log4Shell-CVE-2021-44228-Demo", - "owner": { - "login": "BabooPan", - "id": 16317991, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16317991?v=4", - "html_url": "https:\/\/github.com\/BabooPan" - }, - "html_url": "https:\/\/github.com\/BabooPan\/Log4Shell-CVE-2021-44228-Demo", - "description": "Log4Shell Demo with AWS", - "fork": false, - "created_at": "2021-12-22T03:34:40Z", - "updated_at": "2021-12-24T08:56:47Z", - "pushed_at": "2022-03-28T06:49:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 441470836, "name": "Log4jUnifi", @@ -981,66 +785,6 @@ "watchers": 5, "score": 0 }, - { - "id": 441545718, - "name": "log4shell-vulnerable-app", - "full_name": "bsigouin\/log4shell-vulnerable-app", - "owner": { - "login": "bsigouin", - "id": 48130586, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/48130586?v=4", - "html_url": "https:\/\/github.com\/bsigouin" - }, - "html_url": "https:\/\/github.com\/bsigouin\/log4shell-vulnerable-app", - "description": "Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.", - "fork": false, - "created_at": "2021-12-24T20:00:12Z", - "updated_at": "2022-01-06T13:31:29Z", - "pushed_at": "2022-12-23T17:04:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 442033629, - "name": "ModSec-log4j2", - "full_name": "felipe8398\/ModSec-log4j2", - "owner": { - "login": "felipe8398", - "id": 24979677, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/24979677?v=4", - "html_url": "https:\/\/github.com\/felipe8398" - }, - "html_url": "https:\/\/github.com\/felipe8398\/ModSec-log4j2", - "description": "Regra ModSec para proteção log4j2 - CVE-2021-44228", - "fork": false, - "created_at": "2021-12-27T02:53:24Z", - "updated_at": "2022-06-19T02:08:13Z", - "pushed_at": "2022-03-10T22:09:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "docker" - ], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 442073643, "name": "log4j-vulnerability", @@ -1070,35 +814,6 @@ "watchers": 0, "score": 0 }, - { - "id": 442217104, - "name": "l4s_poc", - "full_name": "s-retlaw\/l4s_poc", - "owner": { - "login": "s-retlaw", - "id": 73955369, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73955369?v=4", - "html_url": "https:\/\/github.com\/s-retlaw" - }, - "html_url": "https:\/\/github.com\/s-retlaw\/l4s_poc", - "description": "Log4Shell (Cve-2021-44228) Proof Of Concept", - "fork": false, - "created_at": "2021-12-27T16:45:58Z", - "updated_at": "2022-01-04T14:50:09Z", - "pushed_at": "2022-10-05T19:03:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 444603389, "name": "CVE-2021-44228_scanner-main-Modified-", @@ -1157,68 +872,6 @@ "watchers": 1, "score": 0 }, - { - "id": 445687561, - "name": "log4j-fuzzer", - "full_name": "mr-vill4in\/log4j-fuzzer", - "owner": { - "login": "mr-vill4in", - "id": 51061936, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51061936?v=4", - "html_url": "https:\/\/github.com\/mr-vill4in" - }, - "html_url": "https:\/\/github.com\/mr-vill4in\/log4j-fuzzer", - "description": "CVE-2021-44228", - "fork": false, - "created_at": "2022-01-08T00:28:32Z", - "updated_at": "2022-08-25T01:38:48Z", - "pushed_at": "2022-03-19T21:10:47Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 3, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 3, - "watchers": 4, - "score": 0 - }, - { - "id": 448612058, - "name": "log4stdin", - "full_name": "aajuvonen\/log4stdin", - "owner": { - "login": "aajuvonen", - "id": 97843492, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97843492?v=4", - "html_url": "https:\/\/github.com\/aajuvonen" - }, - "html_url": "https:\/\/github.com\/aajuvonen\/log4stdin", - "description": "A Java application intentionally vulnerable to CVE-2021-44228", - "fork": false, - "created_at": "2022-01-16T16:39:19Z", - "updated_at": "2022-04-02T16:13:36Z", - "pushed_at": "2022-04-03T11:03:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-44228", - "log4shell", - "vulnerable-application" - ], - "visibility": "public", - "forks": 1, - "watchers": 0, - "score": 0 - }, { "id": 458500087, "name": "log4shell-white-box", @@ -1287,187 +940,6 @@ "watchers": 0, "score": 0 }, - { - "id": 463165453, - "name": "Log-4j-scanner", - "full_name": "Ananya-0306\/Log-4j-scanner", - "owner": { - "login": "Ananya-0306", - "id": 74227338, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/74227338?v=4", - "html_url": "https:\/\/github.com\/Ananya-0306" - }, - "html_url": "https:\/\/github.com\/Ananya-0306\/Log-4j-scanner", - "description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228", - "fork": false, - "created_at": "2022-02-24T13:49:14Z", - "updated_at": "2022-04-29T13:54:03Z", - "pushed_at": "2022-03-04T13:30:17Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "bugbounty", - "cybersecurity", - "fork-for-contribution", - "log4j", - "open-source", - "trending-repositories" - ], - "visibility": "public", - "forks": 1, - "watchers": 1, - "score": 0 - }, - { - "id": 467749739, - "name": "log4shellwithlog4j2_13_3", - "full_name": "paulvkitor\/log4shellwithlog4j2_13_3", - "owner": { - "login": "paulvkitor", - "id": 101220344, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101220344?v=4", - "html_url": "https:\/\/github.com\/paulvkitor" - }, - "html_url": "https:\/\/github.com\/paulvkitor\/log4shellwithlog4j2_13_3", - "description": "Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228.", - "fork": false, - "created_at": "2022-03-09T02:29:58Z", - "updated_at": "2022-03-09T04:11:03Z", - "pushed_at": "2022-03-09T04:11:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 468389206, - "name": "vulescanjndilookup", - "full_name": "MiguelM001\/vulescanjndilookup", - "owner": { - "login": "MiguelM001", - "id": 22323920, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22323920?v=4", - "html_url": "https:\/\/github.com\/MiguelM001" - }, - "html_url": "https:\/\/github.com\/MiguelM001\/vulescanjndilookup", - "description": "HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228", - "fork": false, - "created_at": "2022-03-10T14:57:30Z", - "updated_at": "2022-03-10T15:56:57Z", - "pushed_at": "2022-03-11T17:49:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 468746734, - "name": "CVE-2021-44228", - "full_name": "Jun-5heng\/CVE-2021-44228", - "owner": { - "login": "Jun-5heng", - "id": 88525975, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/88525975?v=4", - "html_url": "https:\/\/github.com\/Jun-5heng" - }, - "html_url": "https:\/\/github.com\/Jun-5heng\/CVE-2021-44228", - "description": "Log4j2组件命令执行RCE \/ Code By:Jun_sheng", - "fork": false, - "created_at": "2022-03-11T12:43:15Z", - "updated_at": "2022-03-11T13:24:13Z", - "pushed_at": "2022-03-11T13:24:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469576160, - "name": "CVE-2021-44228", - "full_name": "honypot\/CVE-2021-44228", - "owner": { - "login": "honypot", - "id": 101309325, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101309325?v=4", - "html_url": "https:\/\/github.com\/honypot" - }, - "html_url": "https:\/\/github.com\/honypot\/CVE-2021-44228", - "description": null, - "fork": false, - "created_at": "2022-03-14T04:09:36Z", - "updated_at": "2022-03-14T04:09:57Z", - "pushed_at": "2022-03-14T04:10:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, - { - "id": 469576898, - "name": "CVE-2021-44228-vuln-app", - "full_name": "honypot\/CVE-2021-44228-vuln-app", - "owner": { - "login": "honypot", - "id": 101309325, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101309325?v=4", - "html_url": "https:\/\/github.com\/honypot" - }, - "html_url": "https:\/\/github.com\/honypot\/CVE-2021-44228-vuln-app", - "description": null, - "fork": false, - "created_at": "2022-03-14T04:13:13Z", - "updated_at": "2022-03-14T04:13:24Z", - "pushed_at": "2022-03-14T04:16:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 482498767, "name": "log4j-scanner", diff --git a/2021/CVE-2021-44529.json b/2021/CVE-2021-44529.json index 76fa0ad3ce..f4a24c25c6 100644 --- a/2021/CVE-2021-44529.json +++ b/2021/CVE-2021-44529.json @@ -1,33 +1,4 @@ [ - { - "id": 473450134, - "name": "CVE-2021-44529", - "full_name": "jkana\/CVE-2021-44529", - "owner": { - "login": "jkana", - "id": 52318947, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52318947?v=4", - "html_url": "https:\/\/github.com\/jkana" - }, - "html_url": "https:\/\/github.com\/jkana\/CVE-2021-44529", - "description": "CVE-2021-44529 PoC", - "fork": false, - "created_at": "2022-03-24T03:58:16Z", - "updated_at": "2022-03-28T12:33:15Z", - "pushed_at": "2022-03-24T04:07:34Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - }, { "id": 482288380, "name": "CVE-2021-44529", diff --git a/2021/CVE-2021-44716.json b/2021/CVE-2021-44716.json new file mode 100644 index 0000000000..4be348cfd6 --- /dev/null +++ b/2021/CVE-2021-44716.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960336, + "name": "CVE-2021-44716", + "full_name": "Live-Hack-CVE\/CVE-2021-44716", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-44716", + "description": "net\/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP\/2 requests. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:59Z", + "updated_at": "2022-12-28T10:57:59Z", + "pushed_at": "2022-12-28T10:58:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-44827.json b/2021/CVE-2021-44827.json deleted file mode 100644 index e5f31d953e..0000000000 --- a/2021/CVE-2021-44827.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 437843261, - "name": "CVE-2021-44827", - "full_name": "full-disclosure\/CVE-2021-44827", - "owner": { - "login": "full-disclosure", - "id": 62108425, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/62108425?v=4", - "html_url": "https:\/\/github.com\/full-disclosure" - }, - "html_url": "https:\/\/github.com\/full-disclosure\/CVE-2021-44827", - "description": "A PoC for CVE-2021-44827 - authenticated remote code execution in Tp-link Archer C20i", - "fork": false, - "created_at": "2021-12-13T11:17:12Z", - "updated_at": "2022-03-29T07:23:25Z", - "pushed_at": "2022-03-02T16:36:54Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 3, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-45007.json b/2021/CVE-2021-45007.json deleted file mode 100644 index a25d750d91..0000000000 --- a/2021/CVE-2021-45007.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 461231807, - "name": "CVE-2021-45007", - "full_name": "AS4mir\/CVE-2021-45007", - "owner": { - "login": "AS4mir", - "id": 65978029, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65978029?v=4", - "html_url": "https:\/\/github.com\/AS4mir" - }, - "html_url": "https:\/\/github.com\/AS4mir\/CVE-2021-45007", - "description": "Cross-Site Request Forgery", - "fork": false, - "created_at": "2022-02-19T15:28:59Z", - "updated_at": "2022-03-16T14:39:48Z", - "pushed_at": "2022-03-16T14:36:36Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-45008.json b/2021/CVE-2021-45008.json deleted file mode 100644 index 764829ccd4..0000000000 --- a/2021/CVE-2021-45008.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 461780034, - "name": "CVE-2021-45008", - "full_name": "AS4mir\/CVE-2021-45008", - "owner": { - "login": "AS4mir", - "id": 65978029, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/65978029?v=4", - "html_url": "https:\/\/github.com\/AS4mir" - }, - "html_url": "https:\/\/github.com\/AS4mir\/CVE-2021-45008", - "description": null, - "fork": false, - "created_at": "2022-02-21T09:00:38Z", - "updated_at": "2022-02-21T09:00:38Z", - "pushed_at": "2022-03-16T14:38:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-45010.json b/2021/CVE-2021-45010.json index 4b6a9bece6..e4fe4fce16 100644 --- a/2021/CVE-2021-45010.json +++ b/2021/CVE-2021-45010.json @@ -1,33 +1,4 @@ [ - { - "id": 471389764, - "name": "CVE-2021-45010-TinyFileManager-Exploit", - "full_name": "febinrev\/CVE-2021-45010-TinyFileManager-Exploit", - "owner": { - "login": "febinrev", - "id": 52229330, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52229330?v=4", - "html_url": "https:\/\/github.com\/febinrev" - }, - "html_url": "https:\/\/github.com\/febinrev\/CVE-2021-45010-TinyFileManager-Exploit", - "description": "A Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project’s Tiny File Manager <= 2.4.3 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.", - "fork": false, - "created_at": "2022-03-18T14:00:03Z", - "updated_at": "2022-03-18T18:35:40Z", - "pushed_at": "2022-03-18T18:35:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - }, { "id": 580199819, "name": "CVE-2021-45010", diff --git a/2021/CVE-2021-45848.json b/2021/CVE-2021-45848.json new file mode 100644 index 0000000000..31cfc9aade --- /dev/null +++ b/2021/CVE-2021-45848.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923103, + "name": "CVE-2021-45848", + "full_name": "Live-Hack-CVE\/CVE-2021-45848", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-45848", + "description": "Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:12Z", + "updated_at": "2022-12-28T08:44:12Z", + "pushed_at": "2022-12-28T08:44:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-46398.json b/2021/CVE-2021-46398.json deleted file mode 100644 index c95d1ed883..0000000000 --- a/2021/CVE-2021-46398.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 472870293, - "name": "CVE-2021-46398_Chamilo-LMS-RCE", - "full_name": "febinrev\/CVE-2021-46398_Chamilo-LMS-RCE", - "owner": { - "login": "febinrev", - "id": 52229330, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52229330?v=4", - "html_url": "https:\/\/github.com\/febinrev" - }, - "html_url": "https:\/\/github.com\/febinrev\/CVE-2021-46398_Chamilo-LMS-RCE", - "description": "Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.", - "fork": false, - "created_at": "2022-03-22T17:35:38Z", - "updated_at": "2022-10-18T23:31:21Z", - "pushed_at": "2022-03-22T17:47:05Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 4, - "score": 0 - } -] \ No newline at end of file diff --git a/2021/CVE-2021-46837.json b/2021/CVE-2021-46837.json new file mode 100644 index 0000000000..901e36554c --- /dev/null +++ b/2021/CVE-2021-46837.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893205, + "name": "CVE-2021-46837", + "full_name": "Live-Hack-CVE\/CVE-2021-46837", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-46837", + "description": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-152 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:22Z", + "updated_at": "2022-12-28T06:46:22Z", + "pushed_at": "2022-12-28T06:46:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-46851.json b/2021/CVE-2021-46851.json new file mode 100644 index 0000000000..1b3f9f5859 --- /dev/null +++ b/2021/CVE-2021-46851.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949114, + "name": "CVE-2021-46851", + "full_name": "Live-Hack-CVE\/CVE-2021-46851", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-46851", + "description": "The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:17:04Z", + "updated_at": "2022-12-28T10:17:04Z", + "pushed_at": "2022-12-28T10:17:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-46852.json b/2021/CVE-2021-46852.json new file mode 100644 index 0000000000..7862e51e0c --- /dev/null +++ b/2021/CVE-2021-46852.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949090, + "name": "CVE-2021-46852", + "full_name": "Live-Hack-CVE\/CVE-2021-46852", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2021-46852", + "description": "The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:17:01Z", + "updated_at": "2022-12-28T10:17:01Z", + "pushed_at": "2022-12-28T10:17:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0031.json b/2022/CVE-2022-0031.json new file mode 100644 index 0000000000..5224323196 --- /dev/null +++ b/2022/CVE-2022-0031.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957968, + "name": "CVE-2022-0031", + "full_name": "Live-Hack-CVE\/CVE-2022-0031", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0031", + "description": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:25Z", + "updated_at": "2022-12-28T10:49:25Z", + "pushed_at": "2022-12-28T10:49:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0137.json b/2022/CVE-2022-0137.json new file mode 100644 index 0000000000..00f03930d5 --- /dev/null +++ b/2022/CVE-2022-0137.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902285, + "name": "CVE-2022-0137", + "full_name": "Live-Hack-CVE\/CVE-2022-0137", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0137", + "description": "A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:13Z", + "updated_at": "2022-12-28T07:23:13Z", + "pushed_at": "2022-12-28T07:23:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0171.json b/2022/CVE-2022-0171.json deleted file mode 100644 index e606ffeb23..0000000000 --- a/2022/CVE-2022-0171.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818937, - "name": "CVE-2022-0171", - "full_name": "Live-Hack-CVE\/CVE-2022-0171", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0171", - "description": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:40Z", - "updated_at": "2022-12-28T00:31:40Z", - "pushed_at": "2022-12-28T00:31:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0174.json b/2022/CVE-2022-0174.json new file mode 100644 index 0000000000..4dd7926697 --- /dev/null +++ b/2022/CVE-2022-0174.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903376, + "name": "CVE-2022-0174", + "full_name": "Live-Hack-CVE\/CVE-2022-0174", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0174", + "description": "dolibarr is vulnerable to Business Logic Errors CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:36Z", + "updated_at": "2022-12-28T07:27:36Z", + "pushed_at": "2022-12-28T07:27:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0175.json b/2022/CVE-2022-0175.json new file mode 100644 index 0000000000..da83935dda --- /dev/null +++ b/2022/CVE-2022-0175.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983168, + "name": "CVE-2022-0175", + "full_name": "Live-Hack-CVE\/CVE-2022-0175", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0175", + "description": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclos CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:41Z", + "updated_at": "2022-12-28T12:20:41Z", + "pushed_at": "2022-12-28T12:20:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0213.json b/2022/CVE-2022-0213.json new file mode 100644 index 0000000000..821dff9243 --- /dev/null +++ b/2022/CVE-2022-0213.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971584, + "name": "CVE-2022-0213", + "full_name": "Live-Hack-CVE\/CVE-2022-0213", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0213", + "description": "vim is vulnerable to Heap-based Buffer Overflow CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:22Z", + "updated_at": "2022-12-28T11:39:22Z", + "pushed_at": "2022-12-28T11:39:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0222.json b/2022/CVE-2022-0222.json deleted file mode 100644 index 79b302aaec..0000000000 --- a/2022/CVE-2022-0222.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841354, - "name": "CVE-2022-0222", - "full_name": "Live-Hack-CVE\/CVE-2022-0222", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0222", - "description": "A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:03Z", - "updated_at": "2022-12-28T02:36:03Z", - "pushed_at": "2022-12-28T02:36:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0224.json b/2022/CVE-2022-0224.json new file mode 100644 index 0000000000..bb626794a1 --- /dev/null +++ b/2022/CVE-2022-0224.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903324, + "name": "CVE-2022-0224", + "full_name": "Live-Hack-CVE\/CVE-2022-0224", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0224", + "description": "dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:24Z", + "updated_at": "2022-12-28T07:27:24Z", + "pushed_at": "2022-12-28T07:27:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0235.json b/2022/CVE-2022-0235.json deleted file mode 100644 index 7e403d9811..0000000000 --- a/2022/CVE-2022-0235.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817756, - "name": "CVE-2022-0235", - "full_name": "Live-Hack-CVE\/CVE-2022-0235", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0235", - "description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:25:06Z", - "updated_at": "2022-12-28T00:25:06Z", - "pushed_at": "2022-12-28T00:25:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0261.json b/2022/CVE-2022-0261.json new file mode 100644 index 0000000000..fac21134b5 --- /dev/null +++ b/2022/CVE-2022-0261.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971573, + "name": "CVE-2022-0261", + "full_name": "Live-Hack-CVE\/CVE-2022-0261", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0261", + "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:18Z", + "updated_at": "2022-12-28T11:39:18Z", + "pushed_at": "2022-12-28T11:39:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0264.json b/2022/CVE-2022-0264.json new file mode 100644 index 0000000000..de1ff73daf --- /dev/null +++ b/2022/CVE-2022-0264.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934193, + "name": "CVE-2022-0264", + "full_name": "Live-Hack-CVE\/CVE-2022-0264", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0264", + "description": "A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitiga CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:01Z", + "updated_at": "2022-12-28T09:25:01Z", + "pushed_at": "2022-12-28T09:25:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0318.json b/2022/CVE-2022-0318.json deleted file mode 100644 index bdd511f987..0000000000 --- a/2022/CVE-2022-0318.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848362, - "name": "CVE-2022-0318", - "full_name": "Live-Hack-CVE\/CVE-2022-0318", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0318", - "description": "Heap-based Buffer Overflow in vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:17Z", - "updated_at": "2022-12-28T03:13:29Z", - "pushed_at": "2022-12-28T03:12:19Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0319.json b/2022/CVE-2022-0319.json new file mode 100644 index 0000000000..d6d2256123 --- /dev/null +++ b/2022/CVE-2022-0319.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971555, + "name": "CVE-2022-0319", + "full_name": "Live-Hack-CVE\/CVE-2022-0319", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0319", + "description": "Out-of-bounds Read in vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:14Z", + "updated_at": "2022-12-28T11:39:14Z", + "pushed_at": "2022-12-28T11:39:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0324.json b/2022/CVE-2022-0324.json new file mode 100644 index 0000000000..db1d6213e5 --- /dev/null +++ b/2022/CVE-2022-0324.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902184, + "name": "CVE-2022-0324", + "full_name": "Live-Hack-CVE\/CVE-2022-0324", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0324", + "description": "There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:45Z", + "updated_at": "2022-12-28T07:22:45Z", + "pushed_at": "2022-12-28T07:22:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0351.json b/2022/CVE-2022-0351.json new file mode 100644 index 0000000000..4ad6f385f5 --- /dev/null +++ b/2022/CVE-2022-0351.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969494, + "name": "CVE-2022-0351", + "full_name": "Live-Hack-CVE\/CVE-2022-0351", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0351", + "description": "Access of Memory Location Before Start of Buffer in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:55Z", + "updated_at": "2022-12-28T11:31:56Z", + "pushed_at": "2022-12-28T11:31:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0359.json b/2022/CVE-2022-0359.json new file mode 100644 index 0000000000..d21e462272 --- /dev/null +++ b/2022/CVE-2022-0359.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969547, + "name": "CVE-2022-0359", + "full_name": "Live-Hack-CVE\/CVE-2022-0359", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0359", + "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:07Z", + "updated_at": "2022-12-28T11:32:07Z", + "pushed_at": "2022-12-28T11:32:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0361.json b/2022/CVE-2022-0361.json new file mode 100644 index 0000000000..5688896940 --- /dev/null +++ b/2022/CVE-2022-0361.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969567, + "name": "CVE-2022-0361", + "full_name": "Live-Hack-CVE\/CVE-2022-0361", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0361", + "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:11Z", + "updated_at": "2022-12-28T11:32:11Z", + "pushed_at": "2022-12-28T11:32:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0368.json b/2022/CVE-2022-0368.json new file mode 100644 index 0000000000..42e85ccc65 --- /dev/null +++ b/2022/CVE-2022-0368.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971545, + "name": "CVE-2022-0368", + "full_name": "Live-Hack-CVE\/CVE-2022-0368", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0368", + "description": "Out-of-bounds Read in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:39:10Z", + "updated_at": "2022-12-28T11:39:10Z", + "pushed_at": "2022-12-28T11:39:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0382.json b/2022/CVE-2022-0382.json deleted file mode 100644 index 0a71d74452..0000000000 --- a/2022/CVE-2022-0382.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582826276, - "name": "CVE-2022-0382", - "full_name": "Live-Hack-CVE\/CVE-2022-0382", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0382", - "description": "An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:15:15Z", - "updated_at": "2022-12-28T01:15:15Z", - "pushed_at": "2022-12-28T01:15:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0391.json b/2022/CVE-2022-0391.json new file mode 100644 index 0000000000..5d11599164 --- /dev/null +++ b/2022/CVE-2022-0391.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923678, + "name": "CVE-2022-0391", + "full_name": "Live-Hack-CVE\/CVE-2022-0391", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0391", + "description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a cr CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:19Z", + "updated_at": "2022-12-28T08:46:19Z", + "pushed_at": "2022-12-28T08:46:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0392.json b/2022/CVE-2022-0392.json deleted file mode 100644 index 3d5f5e1322..0000000000 --- a/2022/CVE-2022-0392.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848350, - "name": "CVE-2022-0392", - "full_name": "Live-Hack-CVE\/CVE-2022-0392", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0392", - "description": "Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:13Z", - "updated_at": "2022-12-28T03:13:56Z", - "pushed_at": "2022-12-28T03:12:16Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0396.json b/2022/CVE-2022-0396.json new file mode 100644 index 0000000000..82b84af487 --- /dev/null +++ b/2022/CVE-2022-0396.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923088, + "name": "CVE-2022-0396", + "full_name": "Live-Hack-CVE\/CVE-2022-0396", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0396", + "description": "BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:08Z", + "updated_at": "2022-12-28T08:44:08Z", + "pushed_at": "2022-12-28T08:44:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0414.json b/2022/CVE-2022-0414.json new file mode 100644 index 0000000000..49473f4fee --- /dev/null +++ b/2022/CVE-2022-0414.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903291, + "name": "CVE-2022-0414", + "full_name": "Live-Hack-CVE\/CVE-2022-0414", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0414", + "description": "Business Logic Errors in Packagist dolibarr\/dolibarr prior to 16.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:17Z", + "updated_at": "2022-12-28T07:27:17Z", + "pushed_at": "2022-12-28T07:27:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0421.json b/2022/CVE-2022-0421.json deleted file mode 100644 index 34154d78e8..0000000000 --- a/2022/CVE-2022-0421.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865709, - "name": "CVE-2022-0421", - "full_name": "Live-Hack-CVE\/CVE-2022-0421", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0421", - "description": "The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:30Z", - "updated_at": "2022-12-28T04:43:30Z", - "pushed_at": "2022-12-28T04:43:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0485.json b/2022/CVE-2022-0485.json deleted file mode 100644 index 549a6400ef..0000000000 --- a/2022/CVE-2022-0485.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840429, - "name": "CVE-2022-0485", - "full_name": "Live-Hack-CVE\/CVE-2022-0485", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0485", - "description": "A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destinati CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:32Z", - "updated_at": "2022-12-28T02:31:32Z", - "pushed_at": "2022-12-28T02:31:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0554.json b/2022/CVE-2022-0554.json deleted file mode 100644 index 46cbfca6a7..0000000000 --- a/2022/CVE-2022-0554.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582831818, - "name": "CVE-2022-0554", - "full_name": "Live-Hack-CVE\/CVE-2022-0554", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0554", - "description": "Use of Out-of-range Pointer Offset in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:47:06Z", - "updated_at": "2022-12-28T01:47:06Z", - "pushed_at": "2022-12-28T01:47:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0561.json b/2022/CVE-2022-0561.json new file mode 100644 index 0000000000..63ecaa761f --- /dev/null +++ b/2022/CVE-2022-0561.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923341, + "name": "CVE-2022-0561", + "full_name": "Live-Hack-CVE\/CVE-2022-0561", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0561", + "description": "Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:45:09Z", + "updated_at": "2022-12-28T08:50:31Z", + "pushed_at": "2022-12-28T08:45:11Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0562.json b/2022/CVE-2022-0562.json new file mode 100644 index 0000000000..d327d868d1 --- /dev/null +++ b/2022/CVE-2022-0562.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923316, + "name": "CVE-2022-0562", + "full_name": "Live-Hack-CVE\/CVE-2022-0562", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0562", + "description": "Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:45:02Z", + "updated_at": "2022-12-28T08:45:02Z", + "pushed_at": "2022-12-28T08:45:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0613.json b/2022/CVE-2022-0613.json deleted file mode 100644 index 9b3c7fc0e8..0000000000 --- a/2022/CVE-2022-0613.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849451, - "name": "CVE-2022-0613", - "full_name": "Live-Hack-CVE\/CVE-2022-0613", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0613", - "description": "Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:50Z", - "updated_at": "2022-12-28T03:17:50Z", - "pushed_at": "2022-12-28T03:17:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0629.json b/2022/CVE-2022-0629.json deleted file mode 100644 index 5ad9c39c58..0000000000 --- a/2022/CVE-2022-0629.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582831953, - "name": "CVE-2022-0629", - "full_name": "Live-Hack-CVE\/CVE-2022-0629", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0629", - "description": "Stack-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:47:45Z", - "updated_at": "2022-12-28T01:47:45Z", - "pushed_at": "2022-12-28T01:47:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0696.json b/2022/CVE-2022-0696.json deleted file mode 100644 index 1a0504f04e..0000000000 --- a/2022/CVE-2022-0696.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848338, - "name": "CVE-2022-0696", - "full_name": "Live-Hack-CVE\/CVE-2022-0696", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0696", - "description": "NULL Pointer Dereference in GitHub repository vim\/vim prior to 8.2.4428. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:09Z", - "updated_at": "2022-12-28T03:12:09Z", - "pushed_at": "2022-12-28T03:12:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0698.json b/2022/CVE-2022-0698.json deleted file mode 100644 index ce7195dc9a..0000000000 --- a/2022/CVE-2022-0698.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841712, - "name": "CVE-2022-0698", - "full_name": "Live-Hack-CVE\/CVE-2022-0698", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0698", - "description": "Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:00Z", - "updated_at": "2022-12-28T02:38:00Z", - "pushed_at": "2022-12-28T02:38:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0714.json b/2022/CVE-2022-0714.json deleted file mode 100644 index 135865f606..0000000000 --- a/2022/CVE-2022-0714.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832024, - "name": "CVE-2022-0714", - "full_name": "Live-Hack-CVE\/CVE-2022-0714", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0714", - "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2.4436. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:04Z", - "updated_at": "2022-12-28T01:48:04Z", - "pushed_at": "2022-12-28T01:48:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-0731.json b/2022/CVE-2022-0731.json new file mode 100644 index 0000000000..55a877fa6a --- /dev/null +++ b/2022/CVE-2022-0731.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903360, + "name": "CVE-2022-0731", + "full_name": "Live-Hack-CVE\/CVE-2022-0731", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0731", + "description": "Improper Access Control (IDOR) in GitHub repository dolibarr\/dolibarr prior to 16.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:32Z", + "updated_at": "2022-12-28T07:27:32Z", + "pushed_at": "2022-12-28T07:27:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0746.json b/2022/CVE-2022-0746.json new file mode 100644 index 0000000000..35d562a05b --- /dev/null +++ b/2022/CVE-2022-0746.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903307, + "name": "CVE-2022-0746", + "full_name": "Live-Hack-CVE\/CVE-2022-0746", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0746", + "description": "Business Logic Errors in GitHub repository dolibarr\/dolibarr prior to 16.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:21Z", + "updated_at": "2022-12-28T07:27:21Z", + "pushed_at": "2022-12-28T07:27:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0778.json b/2022/CVE-2022-0778.json index d81bc40ee7..087cd1fa53 100644 --- a/2022/CVE-2022-0778.json +++ b/2022/CVE-2022-0778.json @@ -120,5 +120,34 @@ "forks": 2, "watchers": 2, "score": 0 + }, + { + "id": 582969099, + "name": "CVE-2022-0778", + "full_name": "Live-Hack-CVE\/CVE-2022-0778", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded i CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:33Z", + "updated_at": "2022-12-28T11:30:33Z", + "pushed_at": "2022-12-28T11:30:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-0819.json b/2022/CVE-2022-0819.json new file mode 100644 index 0000000000..348dd72779 --- /dev/null +++ b/2022/CVE-2022-0819.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903268, + "name": "CVE-2022-0819", + "full_name": "Live-Hack-CVE\/CVE-2022-0819", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0819", + "description": "Code Injection in GitHub repository dolibarr\/dolibarr prior to 15.0.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:13Z", + "updated_at": "2022-12-28T07:27:13Z", + "pushed_at": "2022-12-28T07:27:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-0847.json b/2022/CVE-2022-0847.json index 94da507580..cfa1ed2577 100644 --- a/2022/CVE-2022-0847.json +++ b/2022/CVE-2022-0847.json @@ -129,10 +129,10 @@ "description": "A root exploit for CVE-2022-0847 (Dirty Pipe)", "fork": false, "created_at": "2022-03-07T18:55:20Z", - "updated_at": "2022-12-24T04:36:17Z", + "updated_at": "2022-12-28T08:56:55Z", "pushed_at": "2022-03-08T06:20:05Z", - "stargazers_count": 1000, - "watchers_count": 1000, + "stargazers_count": 1001, + "watchers_count": 1001, "has_discussions": false, "forks_count": 216, "allow_forking": true, @@ -141,7 +141,7 @@ "topics": [], "visibility": "public", "forks": 216, - "watchers": 1000, + "watchers": 1001, "score": 0 }, { diff --git a/2022/CVE-2022-0924.json b/2022/CVE-2022-0924.json new file mode 100644 index 0000000000..7aa6638e60 --- /dev/null +++ b/2022/CVE-2022-0924.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923233, + "name": "CVE-2022-0924", + "full_name": "Live-Hack-CVE\/CVE-2022-0924", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-0924", + "description": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:41Z", + "updated_at": "2022-12-28T08:44:41Z", + "pushed_at": "2022-12-28T08:44:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1056.json b/2022/CVE-2022-1056.json new file mode 100644 index 0000000000..e330a03661 --- /dev/null +++ b/2022/CVE-2022-1056.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922912, + "name": "CVE-2022-1056", + "full_name": "Live-Hack-CVE\/CVE-2022-1056", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1056", + "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:26Z", + "updated_at": "2022-12-28T08:43:26Z", + "pushed_at": "2022-12-28T08:43:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1184.json b/2022/CVE-2022-1184.json deleted file mode 100644 index bc77a13517..0000000000 --- a/2022/CVE-2022-1184.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582881047, - "name": "CVE-2022-1184", - "full_name": "Live-Hack-CVE\/CVE-2022-1184", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1184", - "description": "A use-after-free flaw was found in fs\/ext4\/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:27Z", - "updated_at": "2022-12-28T05:56:27Z", - "pushed_at": "2022-12-28T05:56:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1203.json b/2022/CVE-2022-1203.json new file mode 100644 index 0000000000..8644f0a59e --- /dev/null +++ b/2022/CVE-2022-1203.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924269, + "name": "CVE-2022-1203", + "full_name": "Live-Hack-CVE\/CVE-2022-1203", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1203", + "description": "The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:33Z", + "updated_at": "2022-12-28T08:48:33Z", + "pushed_at": "2022-12-28T08:48:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1210.json b/2022/CVE-2022-1210.json new file mode 100644 index 0000000000..a97ae77a69 --- /dev/null +++ b/2022/CVE-2022-1210.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922746, + "name": "CVE-2022-1210", + "full_name": "Live-Hack-CVE\/CVE-2022-1210", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1210", + "description": "A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:46Z", + "updated_at": "2022-12-28T08:42:46Z", + "pushed_at": "2022-12-28T08:42:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1233.json b/2022/CVE-2022-1233.json deleted file mode 100644 index e119087f30..0000000000 --- a/2022/CVE-2022-1233.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849499, - "name": "CVE-2022-1233", - "full_name": "Live-Hack-CVE\/CVE-2022-1233", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1233", - "description": "URL Confusion When Scheme Not Supplied in GitHub repository medialize\/uri.js prior to 1.19.11. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:04Z", - "updated_at": "2022-12-28T03:18:04Z", - "pushed_at": "2022-12-28T03:18:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1270.json b/2022/CVE-2022-1270.json deleted file mode 100644 index 506725bc4f..0000000000 --- a/2022/CVE-2022-1270.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857800, - "name": "CVE-2022-1270", - "full_name": "Live-Hack-CVE\/CVE-2022-1270", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1270", - "description": "In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:54Z", - "updated_at": "2022-12-28T04:01:54Z", - "pushed_at": "2022-12-28T04:01:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1329.json b/2022/CVE-2022-1329.json index 1c6f8c9250..3cecfd7951 100644 --- a/2022/CVE-2022-1329.json +++ b/2022/CVE-2022-1329.json @@ -91,5 +91,34 @@ "forks": 1, "watchers": 2, "score": 0 + }, + { + "id": 582980581, + "name": "CVE-2022-1329", + "full_name": "Live-Hack-CVE\/CVE-2022-1329", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1329", + "description": "The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~\/core\/app\/modules\/onboarding\/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to o CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:45Z", + "updated_at": "2022-12-28T12:11:45Z", + "pushed_at": "2022-12-28T12:11:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-1365.json b/2022/CVE-2022-1365.json deleted file mode 100644 index 0d734170a7..0000000000 --- a/2022/CVE-2022-1365.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872453, - "name": "CVE-2022-1365", - "full_name": "Live-Hack-CVE\/CVE-2022-1365", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1365", - "description": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada\/cross-fetch prior to 3.1.5. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:41Z", - "updated_at": "2022-12-28T05:17:41Z", - "pushed_at": "2022-12-28T05:17:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1391.json b/2022/CVE-2022-1391.json new file mode 100644 index 0000000000..3d898ce8b6 --- /dev/null +++ b/2022/CVE-2022-1391.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968858, + "name": "CVE-2022-1391", + "full_name": "Live-Hack-CVE\/CVE-2022-1391", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1391", + "description": "The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:42Z", + "updated_at": "2022-12-28T11:29:42Z", + "pushed_at": "2022-12-28T11:29:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1566.json b/2022/CVE-2022-1566.json new file mode 100644 index 0000000000..a34fb86f58 --- /dev/null +++ b/2022/CVE-2022-1566.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924662, + "name": "CVE-2022-1566", + "full_name": "Live-Hack-CVE\/CVE-2022-1566", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1566", + "description": "The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:08Z", + "updated_at": "2022-12-28T08:50:08Z", + "pushed_at": "2022-12-28T08:50:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1578.json b/2022/CVE-2022-1578.json deleted file mode 100644 index b78f511639..0000000000 --- a/2022/CVE-2022-1578.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865696, - "name": "CVE-2022-1578", - "full_name": "Live-Hack-CVE\/CVE-2022-1578", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1578", - "description": "The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:27Z", - "updated_at": "2022-12-28T04:43:27Z", - "pushed_at": "2022-12-28T04:43:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1579.json b/2022/CVE-2022-1579.json deleted file mode 100644 index 2b7d696d9e..0000000000 --- a/2022/CVE-2022-1579.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865158, - "name": "CVE-2022-1579", - "full_name": "Live-Hack-CVE\/CVE-2022-1579", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1579", - "description": "The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:39Z", - "updated_at": "2022-12-28T04:40:39Z", - "pushed_at": "2022-12-28T04:40:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1581.json b/2022/CVE-2022-1581.json deleted file mode 100644 index cba25e989d..0000000000 --- a/2022/CVE-2022-1581.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865640, - "name": "CVE-2022-1581", - "full_name": "Live-Hack-CVE\/CVE-2022-1581", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1581", - "description": "The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:10Z", - "updated_at": "2022-12-28T04:43:10Z", - "pushed_at": "2022-12-28T04:43:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1606.json b/2022/CVE-2022-1606.json deleted file mode 100644 index 9f1d02c409..0000000000 --- a/2022/CVE-2022-1606.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832256, - "name": "CVE-2022-1606", - "full_name": "Live-Hack-CVE\/CVE-2022-1606", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1606", - "description": "Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:20Z", - "updated_at": "2022-12-28T01:49:20Z", - "pushed_at": "2022-12-28T01:49:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1619.json b/2022/CVE-2022-1619.json deleted file mode 100644 index 085fd2dcbb..0000000000 --- a/2022/CVE-2022-1619.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819519, - "name": "CVE-2022-1619", - "full_name": "Live-Hack-CVE\/CVE-2022-1619", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1619", - "description": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim\/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:59Z", - "updated_at": "2022-12-28T00:35:00Z", - "pushed_at": "2022-12-28T00:35:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1621.json b/2022/CVE-2022-1621.json deleted file mode 100644 index 090a3d7e68..0000000000 --- a/2022/CVE-2022-1621.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849162, - "name": "CVE-2022-1621", - "full_name": "Live-Hack-CVE\/CVE-2022-1621", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1621", - "description": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim\/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:22Z", - "updated_at": "2022-12-28T03:16:22Z", - "pushed_at": "2022-12-28T03:16:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1623.json b/2022/CVE-2022-1623.json deleted file mode 100644 index 5059d5a9e5..0000000000 --- a/2022/CVE-2022-1623.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819374, - "name": "CVE-2022-1623", - "full_name": "Live-Hack-CVE\/CVE-2022-1623", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1623", - "description": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff\/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:03Z", - "updated_at": "2022-12-28T00:34:03Z", - "pushed_at": "2022-12-28T00:34:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1664.json b/2022/CVE-2022-1664.json deleted file mode 100644 index 275df9aca4..0000000000 --- a/2022/CVE-2022-1664.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819216, - "name": "CVE-2022-1664", - "full_name": "Live-Hack-CVE\/CVE-2022-1664", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1664", - "description": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory tra CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:11Z", - "updated_at": "2022-12-28T00:33:11Z", - "pushed_at": "2022-12-28T00:33:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1674.json b/2022/CVE-2022-1674.json deleted file mode 100644 index fd43d5c383..0000000000 --- a/2022/CVE-2022-1674.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582826434, - "name": "CVE-2022-1674", - "full_name": "Live-Hack-CVE\/CVE-2022-1674", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1674", - "description": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim\/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:16:08Z", - "updated_at": "2022-12-28T01:16:08Z", - "pushed_at": "2022-12-28T01:16:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1679.json b/2022/CVE-2022-1679.json deleted file mode 100644 index 332016c467..0000000000 --- a/2022/CVE-2022-1679.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818949, - "name": "CVE-2022-1679", - "full_name": "Live-Hack-CVE\/CVE-2022-1679", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1679", - "description": "A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:44Z", - "updated_at": "2022-12-28T00:31:44Z", - "pushed_at": "2022-12-28T00:31:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1785.json b/2022/CVE-2022-1785.json deleted file mode 100644 index ee6672425a..0000000000 --- a/2022/CVE-2022-1785.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582855984, - "name": "CVE-2022-1785", - "full_name": "Live-Hack-CVE\/CVE-2022-1785", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1785", - "description": "Out-of-bounds Write in GitHub repository vim\/vim prior to 8.2.4977. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:52:09Z", - "updated_at": "2022-12-28T03:52:09Z", - "pushed_at": "2022-12-28T03:52:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1897.json b/2022/CVE-2022-1897.json deleted file mode 100644 index 6a590999a3..0000000000 --- a/2022/CVE-2022-1897.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818684, - "name": "CVE-2022-1897", - "full_name": "Live-Hack-CVE\/CVE-2022-1897", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1897", - "description": "Out-of-bounds Write in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:30:17Z", - "updated_at": "2022-12-28T00:30:17Z", - "pushed_at": "2022-12-28T00:30:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1911.json b/2022/CVE-2022-1911.json deleted file mode 100644 index 4bacdc6929..0000000000 --- a/2022/CVE-2022-1911.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832234, - "name": "CVE-2022-1911", - "full_name": "Live-Hack-CVE\/CVE-2022-1911", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1911", - "description": "Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:12Z", - "updated_at": "2022-12-28T01:49:12Z", - "pushed_at": "2022-12-28T01:49:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-1928.json b/2022/CVE-2022-1928.json new file mode 100644 index 0000000000..0cea2c70a1 --- /dev/null +++ b/2022/CVE-2022-1928.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922615, + "name": "CVE-2022-1928", + "full_name": "Live-Hack-CVE\/CVE-2022-1928", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1928", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea\/gitea prior to 1.16.9. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:18Z", + "updated_at": "2022-12-28T08:42:18Z", + "pushed_at": "2022-12-28T08:42:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-1942.json b/2022/CVE-2022-1942.json deleted file mode 100644 index ff1386eab2..0000000000 --- a/2022/CVE-2022-1942.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849080, - "name": "CVE-2022-1942", - "full_name": "Live-Hack-CVE\/CVE-2022-1942", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-1942", - "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:00Z", - "updated_at": "2022-12-28T03:16:00Z", - "pushed_at": "2022-12-28T03:16:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2000.json b/2022/CVE-2022-2000.json deleted file mode 100644 index 470b5f7716..0000000000 --- a/2022/CVE-2022-2000.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849098, - "name": "CVE-2022-2000", - "full_name": "Live-Hack-CVE\/CVE-2022-2000", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2000", - "description": "Out-of-bounds Write in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:07Z", - "updated_at": "2022-12-28T03:16:07Z", - "pushed_at": "2022-12-28T03:16:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20231.json b/2022/CVE-2022-20231.json new file mode 100644 index 0000000000..2cfeee7c97 --- /dev/null +++ b/2022/CVE-2022-20231.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959891, + "name": "CVE-2022-20231", + "full_name": "Live-Hack-CVE\/CVE-2022-20231", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20231", + "description": "In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211485702Referen CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:27Z", + "updated_at": "2022-12-28T10:56:27Z", + "pushed_at": "2022-12-28T10:56:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20364.json b/2022/CVE-2022-20364.json new file mode 100644 index 0000000000..2e948e4050 --- /dev/null +++ b/2022/CVE-2022-20364.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959934, + "name": "CVE-2022-20364", + "full_name": "Live-Hack-CVE\/CVE-2022-20364", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20364", + "description": "In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233606615References: N\/A CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:34Z", + "updated_at": "2022-12-28T10:56:34Z", + "pushed_at": "2022-12-28T10:56:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20409.json b/2022/CVE-2022-20409.json new file mode 100644 index 0000000000..a722ccb9c0 --- /dev/null +++ b/2022/CVE-2022-20409.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983121, + "name": "CVE-2022-20409", + "full_name": "Live-Hack-CVE\/CVE-2022-20409", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20409", + "description": "In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstre CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:30Z", + "updated_at": "2022-12-28T12:20:30Z", + "pushed_at": "2022-12-28T12:20:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20414.json b/2022/CVE-2022-20414.json new file mode 100644 index 0000000000..b0021394cd --- /dev/null +++ b/2022/CVE-2022-20414.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970396, + "name": "CVE-2022-20414", + "full_name": "Live-Hack-CVE\/CVE-2022-20414", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20414", + "description": "In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Androi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:09Z", + "updated_at": "2022-12-28T11:35:09Z", + "pushed_at": "2022-12-28T11:35:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2042.json b/2022/CVE-2022-2042.json new file mode 100644 index 0000000000..a6d118156d --- /dev/null +++ b/2022/CVE-2022-2042.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981054, + "name": "CVE-2022-2042", + "full_name": "Live-Hack-CVE\/CVE-2022-2042", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2042", + "description": "Use After Free in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:18Z", + "updated_at": "2022-12-28T12:13:18Z", + "pushed_at": "2022-12-28T12:13:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20421.json b/2022/CVE-2022-20421.json deleted file mode 100644 index c689897d7d..0000000000 --- a/2022/CVE-2022-20421.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818983, - "name": "CVE-2022-20421", - "full_name": "Live-Hack-CVE\/CVE-2022-20421", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20421", - "description": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375Refer CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:55Z", - "updated_at": "2022-12-28T00:31:55Z", - "pushed_at": "2022-12-28T00:31:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20422.json b/2022/CVE-2022-20422.json deleted file mode 100644 index 85330b4200..0000000000 --- a/2022/CVE-2022-20422.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818998, - "name": "CVE-2022-20422", - "full_name": "Live-Hack-CVE\/CVE-2022-20422", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20422", - "description": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-23754 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:59Z", - "updated_at": "2022-12-28T00:31:59Z", - "pushed_at": "2022-12-28T00:32:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20426.json b/2022/CVE-2022-20426.json new file mode 100644 index 0000000000..6fceb5aff7 --- /dev/null +++ b/2022/CVE-2022-20426.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970576, + "name": "CVE-2022-20426", + "full_name": "Live-Hack-CVE\/CVE-2022-20426", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20426", + "description": "In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:49Z", + "updated_at": "2022-12-28T11:35:49Z", + "pushed_at": "2022-12-28T11:35:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20427.json b/2022/CVE-2022-20427.json deleted file mode 100644 index 45ce3ba471..0000000000 --- a/2022/CVE-2022-20427.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872781, - "name": "CVE-2022-20427", - "full_name": "Live-Hack-CVE\/CVE-2022-20427", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20427", - "description": "In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N\/A CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:14Z", - "updated_at": "2022-12-28T05:19:14Z", - "pushed_at": "2022-12-28T05:19:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20428.json b/2022/CVE-2022-20428.json deleted file mode 100644 index 8d5c20ecb7..0000000000 --- a/2022/CVE-2022-20428.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872793, - "name": "CVE-2022-20428", - "full_name": "Live-Hack-CVE\/CVE-2022-20428", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20428", - "description": "In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411References: N\/A CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:17Z", - "updated_at": "2022-12-28T05:19:17Z", - "pushed_at": "2022-12-28T05:19:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20441.json b/2022/CVE-2022-20441.json new file mode 100644 index 0000000000..7aabc88bec --- /dev/null +++ b/2022/CVE-2022-20441.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970556, + "name": "CVE-2022-20441", + "full_name": "Live-Hack-CVE\/CVE-2022-20441", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20441", + "description": "In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Pr CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:46Z", + "updated_at": "2022-12-28T11:35:46Z", + "pushed_at": "2022-12-28T11:35:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20445.json b/2022/CVE-2022-20445.json new file mode 100644 index 0000000000..b8262aa425 --- /dev/null +++ b/2022/CVE-2022-20445.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970474, + "name": "CVE-2022-20445", + "full_name": "Live-Hack-CVE\/CVE-2022-20445", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20445", + "description": "In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 And CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:26Z", + "updated_at": "2022-12-28T11:35:26Z", + "pushed_at": "2022-12-28T11:35:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20446.json b/2022/CVE-2022-20446.json new file mode 100644 index 0000000000..d78c4abfdc --- /dev/null +++ b/2022/CVE-2022-20446.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970381, + "name": "CVE-2022-20446", + "full_name": "Live-Hack-CVE\/CVE-2022-20446", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20446", + "description": "In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: An CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:05Z", + "updated_at": "2022-12-28T11:35:05Z", + "pushed_at": "2022-12-28T11:35:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20447.json b/2022/CVE-2022-20447.json new file mode 100644 index 0000000000..a917b1df0b --- /dev/null +++ b/2022/CVE-2022-20447.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971044, + "name": "CVE-2022-20447", + "full_name": "Live-Hack-CVE\/CVE-2022-20447", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20447", + "description": "In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233604485 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:24Z", + "updated_at": "2022-12-28T11:37:24Z", + "pushed_at": "2022-12-28T11:37:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20448.json b/2022/CVE-2022-20448.json new file mode 100644 index 0000000000..d7daaf8a9e --- /dev/null +++ b/2022/CVE-2022-20448.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970986, + "name": "CVE-2022-20448", + "full_name": "Live-Hack-CVE\/CVE-2022-20448", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20448", + "description": "In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:13Z", + "updated_at": "2022-12-28T11:37:13Z", + "pushed_at": "2022-12-28T11:37:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20450.json b/2022/CVE-2022-20450.json new file mode 100644 index 0000000000..07804b4f58 --- /dev/null +++ b/2022/CVE-2022-20450.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970691, + "name": "CVE-2022-20450", + "full_name": "Live-Hack-CVE\/CVE-2022-20450", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20450", + "description": "In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:13Z", + "updated_at": "2022-12-28T11:36:13Z", + "pushed_at": "2022-12-28T11:36:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20451.json b/2022/CVE-2022-20451.json new file mode 100644 index 0000000000..67c6aa374e --- /dev/null +++ b/2022/CVE-2022-20451.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970668, + "name": "CVE-2022-20451", + "full_name": "Live-Hack-CVE\/CVE-2022-20451", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20451", + "description": "In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Androi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:08Z", + "updated_at": "2022-12-28T11:36:08Z", + "pushed_at": "2022-12-28T11:36:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20452.json b/2022/CVE-2022-20452.json new file mode 100644 index 0000000000..acf60f764a --- /dev/null +++ b/2022/CVE-2022-20452.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970614, + "name": "CVE-2022-20452", + "full_name": "Live-Hack-CVE\/CVE-2022-20452", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20452", + "description": "In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:56Z", + "updated_at": "2022-12-28T11:35:56Z", + "pushed_at": "2022-12-28T11:35:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20453.json b/2022/CVE-2022-20453.json new file mode 100644 index 0000000000..1b8fcdf895 --- /dev/null +++ b/2022/CVE-2022-20453.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970209, + "name": "CVE-2022-20453", + "full_name": "Live-Hack-CVE\/CVE-2022-20453", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20453", + "description": "In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-1 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:28Z", + "updated_at": "2022-12-28T11:34:28Z", + "pushed_at": "2022-12-28T11:34:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20454.json b/2022/CVE-2022-20454.json new file mode 100644 index 0000000000..9c4527e1f0 --- /dev/null +++ b/2022/CVE-2022-20454.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970103, + "name": "CVE-2022-20454", + "full_name": "Live-Hack-CVE\/CVE-2022-20454", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20454", + "description": "In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:07Z", + "updated_at": "2022-12-28T11:34:07Z", + "pushed_at": "2022-12-28T11:34:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20457.json b/2022/CVE-2022-20457.json new file mode 100644 index 0000000000..d4cf2adf85 --- /dev/null +++ b/2022/CVE-2022-20457.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970292, + "name": "CVE-2022-20457", + "full_name": "Live-Hack-CVE\/CVE-2022-20457", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20457", + "description": "In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:46Z", + "updated_at": "2022-12-28T11:34:46Z", + "pushed_at": "2022-12-28T11:34:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20459.json b/2022/CVE-2022-20459.json deleted file mode 100644 index 6210ea9a31..0000000000 --- a/2022/CVE-2022-20459.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872756, - "name": "CVE-2022-20459", - "full_name": "Live-Hack-CVE\/CVE-2022-20459", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20459", - "description": "In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239556260References: N\/A CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:07Z", - "updated_at": "2022-12-28T05:19:07Z", - "pushed_at": "2022-12-28T05:19:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20460.json b/2022/CVE-2022-20460.json deleted file mode 100644 index 159d38d0bf..0000000000 --- a/2022/CVE-2022-20460.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872764, - "name": "CVE-2022-20460", - "full_name": "Live-Hack-CVE\/CVE-2022-20460", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20460", - "description": "In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-23955754 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:10Z", - "updated_at": "2022-12-28T05:19:10Z", - "pushed_at": "2022-12-28T05:19:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20462.json b/2022/CVE-2022-20462.json new file mode 100644 index 0000000000..683e3122c5 --- /dev/null +++ b/2022/CVE-2022-20462.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970175, + "name": "CVE-2022-20462", + "full_name": "Live-Hack-CVE\/CVE-2022-20462", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20462", + "description": "In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:21Z", + "updated_at": "2022-12-28T11:34:21Z", + "pushed_at": "2022-12-28T11:34:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20465.json b/2022/CVE-2022-20465.json new file mode 100644 index 0000000000..2b9ceeb7b5 --- /dev/null +++ b/2022/CVE-2022-20465.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970191, + "name": "CVE-2022-20465", + "full_name": "Live-Hack-CVE\/CVE-2022-20465", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20465", + "description": "In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:25Z", + "updated_at": "2022-12-28T11:34:25Z", + "pushed_at": "2022-12-28T11:34:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20472.json b/2022/CVE-2022-20472.json index 2a0b7ee0c6..4c47d7436c 100644 --- a/2022/CVE-2022-20472.json +++ b/2022/CVE-2022-20472.json @@ -13,8 +13,8 @@ "description": null, "fork": false, "created_at": "2022-12-28T06:23:26Z", - "updated_at": "2022-12-28T06:23:26Z", - "pushed_at": "2022-12-28T06:23:26Z", + "updated_at": "2022-12-28T06:25:44Z", + "pushed_at": "2022-12-28T06:26:34Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2022/CVE-2022-2060.json b/2022/CVE-2022-2060.json new file mode 100644 index 0000000000..0ffea38a7d --- /dev/null +++ b/2022/CVE-2022-2060.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903338, + "name": "CVE-2022-2060", + "full_name": "Live-Hack-CVE\/CVE-2022-2060", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2060", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr\/dolibarr prior to 16.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:28Z", + "updated_at": "2022-12-28T07:27:28Z", + "pushed_at": "2022-12-28T07:27:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20772.json b/2022/CVE-2022-20772.json new file mode 100644 index 0000000000..3964719cb1 --- /dev/null +++ b/2022/CVE-2022-20772.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982083, + "name": "CVE-2022-20772", + "full_name": "Live-Hack-CVE\/CVE-2022-20772", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20772", + "description": "A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:54Z", + "updated_at": "2022-12-28T12:16:54Z", + "pushed_at": "2022-12-28T12:16:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20775.json b/2022/CVE-2022-20775.json new file mode 100644 index 0000000000..143840ba26 --- /dev/null +++ b/2022/CVE-2022-20775.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959966, + "name": "CVE-2022-20775", + "full_name": "Live-Hack-CVE\/CVE-2022-20775", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20775", + "description": "Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:40Z", + "updated_at": "2022-12-28T10:56:41Z", + "pushed_at": "2022-12-28T10:56:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20812.json b/2022/CVE-2022-20812.json new file mode 100644 index 0000000000..0a561fe743 --- /dev/null +++ b/2022/CVE-2022-20812.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959945, + "name": "CVE-2022-20812", + "full_name": "Live-Hack-CVE\/CVE-2022-20812", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20812", + "description": "Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:37Z", + "updated_at": "2022-12-28T10:56:37Z", + "pushed_at": "2022-12-28T10:56:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20826.json b/2022/CVE-2022-20826.json new file mode 100644 index 0000000000..8bb9d6483d --- /dev/null +++ b/2022/CVE-2022-20826.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892200, + "name": "CVE-2022-20826", + "full_name": "Live-Hack-CVE\/CVE-2022-20826", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20826", + "description": "A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. T CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:25Z", + "updated_at": "2022-12-28T06:42:25Z", + "pushed_at": "2022-12-28T06:42:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20831.json b/2022/CVE-2022-20831.json new file mode 100644 index 0000000000..49ccf80252 --- /dev/null +++ b/2022/CVE-2022-20831.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893683, + "name": "CVE-2022-20831", + "full_name": "Live-Hack-CVE\/CVE-2022-20831", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20831", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:15Z", + "updated_at": "2022-12-28T06:48:15Z", + "pushed_at": "2022-12-28T06:48:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20832.json b/2022/CVE-2022-20832.json new file mode 100644 index 0000000000..bf581ca572 --- /dev/null +++ b/2022/CVE-2022-20832.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892342, + "name": "CVE-2022-20832", + "full_name": "Live-Hack-CVE\/CVE-2022-20832", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20832", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:56Z", + "updated_at": "2022-12-28T06:42:56Z", + "pushed_at": "2022-12-28T06:42:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20833.json b/2022/CVE-2022-20833.json new file mode 100644 index 0000000000..4ef354cb62 --- /dev/null +++ b/2022/CVE-2022-20833.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892305, + "name": "CVE-2022-20833", + "full_name": "Live-Hack-CVE\/CVE-2022-20833", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20833", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:46Z", + "updated_at": "2022-12-28T06:42:46Z", + "pushed_at": "2022-12-28T06:42:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20834.json b/2022/CVE-2022-20834.json new file mode 100644 index 0000000000..1343abeec7 --- /dev/null +++ b/2022/CVE-2022-20834.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892218, + "name": "CVE-2022-20834", + "full_name": "Live-Hack-CVE\/CVE-2022-20834", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20834", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:28Z", + "updated_at": "2022-12-28T06:42:28Z", + "pushed_at": "2022-12-28T06:42:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20835.json b/2022/CVE-2022-20835.json new file mode 100644 index 0000000000..4e5aa61dd7 --- /dev/null +++ b/2022/CVE-2022-20835.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892234, + "name": "CVE-2022-20835", + "full_name": "Live-Hack-CVE\/CVE-2022-20835", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20835", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:32Z", + "updated_at": "2022-12-28T06:42:32Z", + "pushed_at": "2022-12-28T06:42:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20836.json b/2022/CVE-2022-20836.json new file mode 100644 index 0000000000..544e702dcf --- /dev/null +++ b/2022/CVE-2022-20836.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892268, + "name": "CVE-2022-20836", + "full_name": "Live-Hack-CVE\/CVE-2022-20836", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20836", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:39Z", + "updated_at": "2022-12-28T06:42:39Z", + "pushed_at": "2022-12-28T06:42:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20838.json b/2022/CVE-2022-20838.json new file mode 100644 index 0000000000..46f92d0a41 --- /dev/null +++ b/2022/CVE-2022-20838.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892315, + "name": "CVE-2022-20838", + "full_name": "Live-Hack-CVE\/CVE-2022-20838", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20838", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:49Z", + "updated_at": "2022-12-28T06:42:49Z", + "pushed_at": "2022-12-28T06:42:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20839.json b/2022/CVE-2022-20839.json new file mode 100644 index 0000000000..7a6f1d1942 --- /dev/null +++ b/2022/CVE-2022-20839.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892284, + "name": "CVE-2022-20839", + "full_name": "Live-Hack-CVE\/CVE-2022-20839", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20839", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:42Z", + "updated_at": "2022-12-28T06:42:42Z", + "pushed_at": "2022-12-28T06:42:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20840.json b/2022/CVE-2022-20840.json new file mode 100644 index 0000000000..d8e471be48 --- /dev/null +++ b/2022/CVE-2022-20840.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892329, + "name": "CVE-2022-20840", + "full_name": "Live-Hack-CVE\/CVE-2022-20840", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20840", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:53Z", + "updated_at": "2022-12-28T06:42:53Z", + "pushed_at": "2022-12-28T06:42:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20843.json b/2022/CVE-2022-20843.json new file mode 100644 index 0000000000..32721550ad --- /dev/null +++ b/2022/CVE-2022-20843.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892256, + "name": "CVE-2022-20843", + "full_name": "Live-Hack-CVE\/CVE-2022-20843", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20843", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:36Z", + "updated_at": "2022-12-28T06:42:36Z", + "pushed_at": "2022-12-28T06:42:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20854.json b/2022/CVE-2022-20854.json new file mode 100644 index 0000000000..32f8d57ce7 --- /dev/null +++ b/2022/CVE-2022-20854.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902010, + "name": "CVE-2022-20854", + "full_name": "Live-Hack-CVE\/CVE-2022-20854", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20854", + "description": "A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:06Z", + "updated_at": "2022-12-28T07:22:06Z", + "pushed_at": "2022-12-28T07:22:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20867.json b/2022/CVE-2022-20867.json new file mode 100644 index 0000000000..2d5ae2f661 --- /dev/null +++ b/2022/CVE-2022-20867.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982135, + "name": "CVE-2022-20867", + "full_name": "Live-Hack-CVE\/CVE-2022-20867", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20867", + "description": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This v CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:04Z", + "updated_at": "2022-12-28T12:17:04Z", + "pushed_at": "2022-12-28T12:17:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20868.json b/2022/CVE-2022-20868.json new file mode 100644 index 0000000000..62a6d92f13 --- /dev/null +++ b/2022/CVE-2022-20868.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982189, + "name": "CVE-2022-20868", + "full_name": "Live-Hack-CVE\/CVE-2022-20868", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20868", + "description": "A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This v CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:16Z", + "updated_at": "2022-12-28T12:17:16Z", + "pushed_at": "2022-12-28T12:17:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20872.json b/2022/CVE-2022-20872.json new file mode 100644 index 0000000000..1e4da75453 --- /dev/null +++ b/2022/CVE-2022-20872.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892359, + "name": "CVE-2022-20872", + "full_name": "Live-Hack-CVE\/CVE-2022-20872", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20872", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:59Z", + "updated_at": "2022-12-28T06:42:59Z", + "pushed_at": "2022-12-28T06:43:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20905.json b/2022/CVE-2022-20905.json new file mode 100644 index 0000000000..b84459efa2 --- /dev/null +++ b/2022/CVE-2022-20905.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892414, + "name": "CVE-2022-20905", + "full_name": "Live-Hack-CVE\/CVE-2022-20905", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20905", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:14Z", + "updated_at": "2022-12-28T06:43:14Z", + "pushed_at": "2022-12-28T06:43:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20918.json b/2022/CVE-2022-20918.json deleted file mode 100644 index 7d280dbd23..0000000000 --- a/2022/CVE-2022-20918.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873660, - "name": "CVE-2022-20918", - "full_name": "Live-Hack-CVE\/CVE-2022-20918", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20918", - "description": "A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, r CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:39Z", - "updated_at": "2022-12-28T05:22:39Z", - "pushed_at": "2022-12-28T05:22:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20922.json b/2022/CVE-2022-20922.json deleted file mode 100644 index 25fec89af7..0000000000 --- a/2022/CVE-2022-20922.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873668, - "name": "CVE-2022-20922", - "full_name": "Live-Hack-CVE\/CVE-2022-20922", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20922", - "description": "Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:42Z", - "updated_at": "2022-12-28T05:22:42Z", - "pushed_at": "2022-12-28T05:22:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20924.json b/2022/CVE-2022-20924.json deleted file mode 100644 index 9bb7a9b2e5..0000000000 --- a/2022/CVE-2022-20924.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873109, - "name": "CVE-2022-20924", - "full_name": "Live-Hack-CVE\/CVE-2022-20924", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20924", - "description": "A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to in CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:21Z", - "updated_at": "2022-12-28T05:20:21Z", - "pushed_at": "2022-12-28T05:20:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20925.json b/2022/CVE-2022-20925.json deleted file mode 100644 index 3d4a57ad0a..0000000000 --- a/2022/CVE-2022-20925.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873681, - "name": "CVE-2022-20925", - "full_name": "Live-Hack-CVE\/CVE-2022-20925", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20925", - "description": "A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoint CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:46Z", - "updated_at": "2022-12-28T05:22:46Z", - "pushed_at": "2022-12-28T05:22:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20926.json b/2022/CVE-2022-20926.json deleted file mode 100644 index 506773d9fc..0000000000 --- a/2022/CVE-2022-20926.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873770, - "name": "CVE-2022-20926", - "full_name": "Live-Hack-CVE\/CVE-2022-20926", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20926", - "description": "A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoint CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:14Z", - "updated_at": "2022-12-28T05:23:14Z", - "pushed_at": "2022-12-28T05:23:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20927.json b/2022/CVE-2022-20927.json deleted file mode 100644 index cbe86a9d0b..0000000000 --- a/2022/CVE-2022-20927.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873094, - "name": "CVE-2022-20927", - "full_name": "Live-Hack-CVE\/CVE-2022-20927", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20927", - "description": "A vulnerability in the SSL\/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a dev CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:17Z", - "updated_at": "2022-12-28T05:20:17Z", - "pushed_at": "2022-12-28T05:20:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20932.json b/2022/CVE-2022-20932.json new file mode 100644 index 0000000000..51f2236faf --- /dev/null +++ b/2022/CVE-2022-20932.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892393, + "name": "CVE-2022-20932", + "full_name": "Live-Hack-CVE\/CVE-2022-20932", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20932", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:06Z", + "updated_at": "2022-12-28T06:43:06Z", + "pushed_at": "2022-12-28T06:43:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20934.json b/2022/CVE-2022-20934.json deleted file mode 100644 index 98287747c9..0000000000 --- a/2022/CVE-2022-20934.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849636, - "name": "CVE-2022-20934", - "full_name": "Live-Hack-CVE\/CVE-2022-20934", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20934", - "description": "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could e CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:46Z", - "updated_at": "2022-12-28T03:18:46Z", - "pushed_at": "2022-12-28T03:18:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20935.json b/2022/CVE-2022-20935.json new file mode 100644 index 0000000000..18ed28a6ed --- /dev/null +++ b/2022/CVE-2022-20935.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892380, + "name": "CVE-2022-20935", + "full_name": "Live-Hack-CVE\/CVE-2022-20935", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20935", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:03Z", + "updated_at": "2022-12-28T06:43:03Z", + "pushed_at": "2022-12-28T06:43:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20936.json b/2022/CVE-2022-20936.json new file mode 100644 index 0000000000..692965d83b --- /dev/null +++ b/2022/CVE-2022-20936.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892401, + "name": "CVE-2022-20936", + "full_name": "Live-Hack-CVE\/CVE-2022-20936", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20936", + "description": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient vali CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:10Z", + "updated_at": "2022-12-28T06:43:10Z", + "pushed_at": "2022-12-28T06:43:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20940.json b/2022/CVE-2022-20940.json deleted file mode 100644 index 1900c0f154..0000000000 --- a/2022/CVE-2022-20940.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873077, - "name": "CVE-2022-20940", - "full_name": "Live-Hack-CVE\/CVE-2022-20940", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20940", - "description": "A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption polici CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:14Z", - "updated_at": "2022-12-28T05:20:14Z", - "pushed_at": "2022-12-28T05:20:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20942.json b/2022/CVE-2022-20942.json new file mode 100644 index 0000000000..3f0fd2b6cf --- /dev/null +++ b/2022/CVE-2022-20942.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982175, + "name": "CVE-2022-20942", + "full_name": "Live-Hack-CVE\/CVE-2022-20942", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20942", + "description": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:12Z", + "updated_at": "2022-12-28T12:17:12Z", + "pushed_at": "2022-12-28T12:17:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20943.json b/2022/CVE-2022-20943.json deleted file mode 100644 index 4d88f71018..0000000000 --- a/2022/CVE-2022-20943.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871684, - "name": "CVE-2022-20943", - "full_name": "Live-Hack-CVE\/CVE-2022-20943", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20943", - "description": "Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:14:06Z", - "updated_at": "2022-12-28T05:14:06Z", - "pushed_at": "2022-12-28T05:14:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20946.json b/2022/CVE-2022-20946.json deleted file mode 100644 index 9d7544e50d..0000000000 --- a/2022/CVE-2022-20946.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873065, - "name": "CVE-2022-20946", - "full_name": "Live-Hack-CVE\/CVE-2022-20946", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20946", - "description": "A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs wh CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:10Z", - "updated_at": "2022-12-28T05:20:10Z", - "pushed_at": "2022-12-28T05:20:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20949.json b/2022/CVE-2022-20949.json deleted file mode 100644 index c4bd2341dd..0000000000 --- a/2022/CVE-2022-20949.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873040, - "name": "CVE-2022-20949", - "full_name": "Live-Hack-CVE\/CVE-2022-20949", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20949", - "description": "A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:07Z", - "updated_at": "2022-12-28T05:20:07Z", - "pushed_at": "2022-12-28T05:20:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20950.json b/2022/CVE-2022-20950.json deleted file mode 100644 index bd65cfd9ea..0000000000 --- a/2022/CVE-2022-20950.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873020, - "name": "CVE-2022-20950", - "full_name": "Live-Hack-CVE\/CVE-2022-20950", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20950", - "description": "A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:04Z", - "updated_at": "2022-12-28T05:20:04Z", - "pushed_at": "2022-12-28T05:20:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-20956.json b/2022/CVE-2022-20956.json new file mode 100644 index 0000000000..e780b9816d --- /dev/null +++ b/2022/CVE-2022-20956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981634, + "name": "CVE-2022-20956", + "full_name": "Live-Hack-CVE\/CVE-2022-20956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20956", + "description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:20Z", + "updated_at": "2022-12-28T12:15:20Z", + "pushed_at": "2022-12-28T12:15:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20958.json b/2022/CVE-2022-20958.json new file mode 100644 index 0000000000..7e7248b548 --- /dev/null +++ b/2022/CVE-2022-20958.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981649, + "name": "CVE-2022-20958", + "full_name": "Live-Hack-CVE\/CVE-2022-20958", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20958", + "description": "A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exp CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:23Z", + "updated_at": "2022-12-28T12:15:23Z", + "pushed_at": "2022-12-28T12:15:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20960.json b/2022/CVE-2022-20960.json new file mode 100644 index 0000000000..848dcf0959 --- /dev/null +++ b/2022/CVE-2022-20960.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981663, + "name": "CVE-2022-20960", + "full_name": "Live-Hack-CVE\/CVE-2022-20960", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20960", + "description": "A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An att CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:27Z", + "updated_at": "2022-12-28T12:15:27Z", + "pushed_at": "2022-12-28T12:15:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20961.json b/2022/CVE-2022-20961.json new file mode 100644 index 0000000000..92d5644826 --- /dev/null +++ b/2022/CVE-2022-20961.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981680, + "name": "CVE-2022-20961", + "full_name": "Live-Hack-CVE\/CVE-2022-20961", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20961", + "description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web- CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:30Z", + "updated_at": "2022-12-28T12:15:30Z", + "pushed_at": "2022-12-28T12:15:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20962.json b/2022/CVE-2022-20962.json new file mode 100644 index 0000000000..5184058c18 --- /dev/null +++ b/2022/CVE-2022-20962.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981855, + "name": "CVE-2022-20962", + "full_name": "Live-Hack-CVE\/CVE-2022-20962", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20962", + "description": "A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sen CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:11Z", + "updated_at": "2022-12-28T12:16:11Z", + "pushed_at": "2022-12-28T12:16:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20963.json b/2022/CVE-2022-20963.json new file mode 100644 index 0000000000..e51d86315e --- /dev/null +++ b/2022/CVE-2022-20963.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981874, + "name": "CVE-2022-20963", + "full_name": "Live-Hack-CVE\/CVE-2022-20963", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20963", + "description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of u CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:14Z", + "updated_at": "2022-12-28T12:16:14Z", + "pushed_at": "2022-12-28T12:16:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20969.json b/2022/CVE-2022-20969.json new file mode 100644 index 0000000000..e59460f857 --- /dev/null +++ b/2022/CVE-2022-20969.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981905, + "name": "CVE-2022-20969", + "full_name": "Live-Hack-CVE\/CVE-2022-20969", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-20969", + "description": "A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:21Z", + "updated_at": "2022-12-28T12:16:21Z", + "pushed_at": "2022-12-28T12:16:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21126.json b/2022/CVE-2022-21126.json deleted file mode 100644 index b1e10e7700..0000000000 --- a/2022/CVE-2022-21126.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833595, - "name": "CVE-2022-21126", - "full_name": "Live-Hack-CVE\/CVE-2022-21126", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21126", - "description": "The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util\/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:29Z", - "updated_at": "2022-12-28T01:56:29Z", - "pushed_at": "2022-12-28T01:56:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-21198.json b/2022/CVE-2022-21198.json new file mode 100644 index 0000000000..e406841b8e --- /dev/null +++ b/2022/CVE-2022-21198.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892748, + "name": "CVE-2022-21198", + "full_name": "Live-Hack-CVE\/CVE-2022-21198", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21198", + "description": "Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:32Z", + "updated_at": "2022-12-28T06:44:32Z", + "pushed_at": "2022-12-28T06:44:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2129.json b/2022/CVE-2022-2129.json deleted file mode 100644 index bdd5cd451a..0000000000 --- a/2022/CVE-2022-2129.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848996, - "name": "CVE-2022-2129", - "full_name": "Live-Hack-CVE\/CVE-2022-2129", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2129", - "description": "Out-of-bounds Write in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:31Z", - "updated_at": "2022-12-28T03:15:31Z", - "pushed_at": "2022-12-28T03:15:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-21595.json b/2022/CVE-2022-21595.json new file mode 100644 index 0000000000..46814e1316 --- /dev/null +++ b/2022/CVE-2022-21595.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980951, + "name": "CVE-2022-21595", + "full_name": "Live-Hack-CVE\/CVE-2022-21595", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21595", + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:00Z", + "updated_at": "2022-12-28T12:13:00Z", + "pushed_at": "2022-12-28T12:13:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2166.json b/2022/CVE-2022-2166.json new file mode 100644 index 0000000000..b180a10c16 --- /dev/null +++ b/2022/CVE-2022-2166.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913288, + "name": "CVE-2022-2166", + "full_name": "Live-Hack-CVE\/CVE-2022-2166", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2166", + "description": "Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon\/mastodon prior to 4.0.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:30Z", + "updated_at": "2022-12-28T08:06:30Z", + "pushed_at": "2022-12-28T08:06:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21680.json b/2022/CVE-2022-21680.json new file mode 100644 index 0000000000..d47e1c8fe4 --- /dev/null +++ b/2022/CVE-2022-21680.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934951, + "name": "CVE-2022-21680", + "full_name": "Live-Hack-CVE\/CVE-2022-21680", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21680", + "description": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker w CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:27Z", + "updated_at": "2022-12-28T09:27:27Z", + "pushed_at": "2022-12-28T09:27:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21681.json b/2022/CVE-2022-21681.json new file mode 100644 index 0000000000..30a8acb229 --- /dev/null +++ b/2022/CVE-2022-21681.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934934, + "name": "CVE-2022-21681", + "full_name": "Live-Hack-CVE\/CVE-2022-21681", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21681", + "description": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:27:24Z", + "updated_at": "2022-12-28T09:27:24Z", + "pushed_at": "2022-12-28T09:27:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21722.json b/2022/CVE-2022-21722.json new file mode 100644 index 0000000000..9a9e87a0c7 --- /dev/null +++ b/2022/CVE-2022-21722.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893456, + "name": "CVE-2022-21722", + "full_name": "Live-Hack-CVE\/CVE-2022-21722", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21722", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP\/RTCP packets can potentially cause out-of-bound rea CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:23Z", + "updated_at": "2022-12-28T06:47:23Z", + "pushed_at": "2022-12-28T06:47:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21723.json b/2022/CVE-2022-21723.json new file mode 100644 index 0000000000..f42dd9a0de --- /dev/null +++ b/2022/CVE-2022-21723.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893468, + "name": "CVE-2022-21723", + "full_name": "Live-Hack-CVE\/CVE-2022-21723", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21723", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:26Z", + "updated_at": "2022-12-28T06:47:26Z", + "pushed_at": "2022-12-28T06:47:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21724.json b/2022/CVE-2022-21724.json new file mode 100644 index 0000000000..eaed1ceefb --- /dev/null +++ b/2022/CVE-2022-21724.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960322, + "name": "CVE-2022-21724", + "full_name": "Live-Hack-CVE\/CVE-2022-21724", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21724", + "description": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:56Z", + "updated_at": "2022-12-28T10:57:56Z", + "pushed_at": "2022-12-28T10:57:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21778.json b/2022/CVE-2022-21778.json new file mode 100644 index 0000000000..27c45c1a0d --- /dev/null +++ b/2022/CVE-2022-21778.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969726, + "name": "CVE-2022-21778", + "full_name": "Live-Hack-CVE\/CVE-2022-21778", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21778", + "description": "In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:52Z", + "updated_at": "2022-12-28T11:32:52Z", + "pushed_at": "2022-12-28T11:32:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21794.json b/2022/CVE-2022-21794.json new file mode 100644 index 0000000000..1f5bd19051 --- /dev/null +++ b/2022/CVE-2022-21794.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912242, + "name": "CVE-2022-21794", + "full_name": "Live-Hack-CVE\/CVE-2022-21794", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21794", + "description": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:41Z", + "updated_at": "2022-12-28T08:02:41Z", + "pushed_at": "2022-12-28T08:02:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21797.json b/2022/CVE-2022-21797.json deleted file mode 100644 index ed6ab0cf58..0000000000 --- a/2022/CVE-2022-21797.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818972, - "name": "CVE-2022-21797", - "full_name": "Live-Hack-CVE\/CVE-2022-21797", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21797", - "description": "The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:51Z", - "updated_at": "2022-12-28T00:31:51Z", - "pushed_at": "2022-12-28T00:31:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-21824.json b/2022/CVE-2022-21824.json new file mode 100644 index 0000000000..b30dc0e0f2 --- /dev/null +++ b/2022/CVE-2022-21824.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959979, + "name": "CVE-2022-21824", + "full_name": "Live-Hack-CVE\/CVE-2022-21824", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21824", + "description": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited cont CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:44Z", + "updated_at": "2022-12-28T10:56:44Z", + "pushed_at": "2022-12-28T10:56:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21831.json b/2022/CVE-2022-21831.json new file mode 100644 index 0000000000..dbf152d02d --- /dev/null +++ b/2022/CVE-2022-21831.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891621, + "name": "CVE-2022-21831", + "full_name": "Live-Hack-CVE\/CVE-2022-21831", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21831", + "description": "A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:11Z", + "updated_at": "2022-12-28T06:40:11Z", + "pushed_at": "2022-12-28T06:40:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2188.json b/2022/CVE-2022-2188.json new file mode 100644 index 0000000000..25ee3128e8 --- /dev/null +++ b/2022/CVE-2022-2188.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982620, + "name": "CVE-2022-2188", + "full_name": "Live-Hack-CVE\/CVE-2022-2188", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2188", + "description": "Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:42Z", + "updated_at": "2022-12-28T12:18:42Z", + "pushed_at": "2022-12-28T12:18:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21944.json b/2022/CVE-2022-21944.json new file mode 100644 index 0000000000..22a2a8fe05 --- /dev/null +++ b/2022/CVE-2022-21944.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982280, + "name": "CVE-2022-21944", + "full_name": "Live-Hack-CVE\/CVE-2022-21944", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-21944", + "description": "A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:33Z", + "updated_at": "2022-12-28T12:17:33Z", + "pushed_at": "2022-12-28T12:17:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21999.json b/2022/CVE-2022-21999.json index 5dc03cc92d..9c8533b390 100644 --- a/2022/CVE-2022-21999.json +++ b/2022/CVE-2022-21999.json @@ -13,10 +13,10 @@ "description": "Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)", "fork": false, "created_at": "2022-02-08T17:25:44Z", - "updated_at": "2022-12-27T16:37:20Z", + "updated_at": "2022-12-28T09:47:48Z", "pushed_at": "2022-02-09T16:54:09Z", - "stargazers_count": 671, - "watchers_count": 671, + "stargazers_count": 672, + "watchers_count": 672, "has_discussions": false, "forks_count": 143, "allow_forking": true, @@ -28,7 +28,7 @@ ], "visibility": "public", "forks": 143, - "watchers": 671, + "watchers": 672, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-2207.json b/2022/CVE-2022-2207.json new file mode 100644 index 0000000000..a5ec8b0a97 --- /dev/null +++ b/2022/CVE-2022-2207.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901274, + "name": "CVE-2022-2207", + "full_name": "Live-Hack-CVE\/CVE-2022-2207", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2207", + "description": "Heap-based Buffer Overflow in GitHub repository vim\/vim prior to 8.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:21Z", + "updated_at": "2022-12-28T07:19:21Z", + "pushed_at": "2022-12-28T07:19:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2214.json b/2022/CVE-2022-2214.json new file mode 100644 index 0000000000..feb55fed1c --- /dev/null +++ b/2022/CVE-2022-2214.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924518, + "name": "CVE-2022-2214", + "full_name": "Live-Hack-CVE\/CVE-2022-2214", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2214", + "description": "A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \/librarian\/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql in CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:33Z", + "updated_at": "2022-12-28T08:49:33Z", + "pushed_at": "2022-12-28T08:49:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-22293.json b/2022/CVE-2022-22293.json new file mode 100644 index 0000000000..263ed4bad2 --- /dev/null +++ b/2022/CVE-2022-22293.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903536, + "name": "CVE-2022-22293", + "full_name": "Live-Hack-CVE\/CVE-2022-22293", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22293", + "description": "admin\/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:28:16Z", + "updated_at": "2022-12-28T07:28:16Z", + "pushed_at": "2022-12-28T07:28:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-22503.json b/2022/CVE-2022-22503.json new file mode 100644 index 0000000000..9a63910c44 --- /dev/null +++ b/2022/CVE-2022-22503.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980744, + "name": "CVE-2022-22503", + "full_name": "Live-Hack-CVE\/CVE-2022-22503", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22503", + "description": "IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-For CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:14Z", + "updated_at": "2022-12-28T12:12:14Z", + "pushed_at": "2022-12-28T12:12:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-22577.json b/2022/CVE-2022-22577.json new file mode 100644 index 0000000000..11b91606e1 --- /dev/null +++ b/2022/CVE-2022-22577.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891637, + "name": "CVE-2022-22577", + "full_name": "Live-Hack-CVE\/CVE-2022-22577", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22577", + "description": "An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:15Z", + "updated_at": "2022-12-28T06:40:15Z", + "pushed_at": "2022-12-28T06:40:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-22808.json b/2022/CVE-2022-22808.json new file mode 100644 index 0000000000..7928c321c2 --- /dev/null +++ b/2022/CVE-2022-22808.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948510, + "name": "CVE-2022-22808", + "full_name": "Live-Hack-CVE\/CVE-2022-22808", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22808", + "description": "A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:55Z", + "updated_at": "2022-12-28T10:14:55Z", + "pushed_at": "2022-12-28T10:14:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-22815.json b/2022/CVE-2022-22815.json deleted file mode 100644 index 7627522de0..0000000000 --- a/2022/CVE-2022-22815.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873435, - "name": "CVE-2022-22815", - "full_name": "Live-Hack-CVE\/CVE-2022-22815", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22815", - "description": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:21:40Z", - "updated_at": "2022-12-28T05:21:40Z", - "pushed_at": "2022-12-28T05:21:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-22816.json b/2022/CVE-2022-22816.json deleted file mode 100644 index 81b9516478..0000000000 --- a/2022/CVE-2022-22816.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873451, - "name": "CVE-2022-22816", - "full_name": "Live-Hack-CVE\/CVE-2022-22816", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22816", - "description": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:21:43Z", - "updated_at": "2022-12-28T05:21:43Z", - "pushed_at": "2022-12-28T05:21:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-22817.json b/2022/CVE-2022-22817.json deleted file mode 100644 index 967b1c2da3..0000000000 --- a/2022/CVE-2022-22817.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873465, - "name": "CVE-2022-22817", - "full_name": "Live-Hack-CVE\/CVE-2022-22817", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22817", - "description": "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:21:47Z", - "updated_at": "2022-12-28T05:21:47Z", - "pushed_at": "2022-12-28T05:21:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-22844.json b/2022/CVE-2022-22844.json new file mode 100644 index 0000000000..a84d499d8c --- /dev/null +++ b/2022/CVE-2022-22844.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923427, + "name": "CVE-2022-22844", + "full_name": "Live-Hack-CVE\/CVE-2022-22844", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22844", + "description": "LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:45:26Z", + "updated_at": "2022-12-28T08:45:26Z", + "pushed_at": "2022-12-28T08:45:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2294.json b/2022/CVE-2022-2294.json deleted file mode 100644 index f9f5becc42..0000000000 --- a/2022/CVE-2022-2294.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849306, - "name": "CVE-2022-2294", - "full_name": "Live-Hack-CVE\/CVE-2022-2294", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2294", - "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:05Z", - "updated_at": "2022-12-28T03:17:05Z", - "pushed_at": "2022-12-28T03:17:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index 6866f5b676..99c9bd2dc3 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -1866,34 +1866,5 @@ "forks": 1, "watchers": 59, "score": 0 - }, - { - "id": 582867088, - "name": "CVE-2022-22965-rexbb", - "full_name": "zangcc\/CVE-2022-22965-rexbb", - "owner": { - "login": "zangcc", - "id": 64825932, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/64825932?v=4", - "html_url": "https:\/\/github.com\/zangcc" - }, - "html_url": "https:\/\/github.com\/zangcc\/CVE-2022-22965-rexbb", - "description": "CVE-2022-22965\\Spring-Core-RCE核弹级别漏洞的rce图形化GUI一键利用工具,基于JavaFx开发,图形化操作更简单,提高效率。", - "fork": false, - "created_at": "2022-12-28T04:50:16Z", - "updated_at": "2022-12-28T04:53:44Z", - "pushed_at": "2022-12-28T04:51:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-22970.json b/2022/CVE-2022-22970.json deleted file mode 100644 index 49a110268f..0000000000 --- a/2022/CVE-2022-22970.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 479332072, - "name": "spring-petclinic-template-with-CVE-2022-22970", - "full_name": "dapdelivery\/spring-petclinic-template-with-CVE-2022-22970", - "owner": { - "login": "dapdelivery", - "id": 97210359, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97210359?v=4", - "html_url": "https:\/\/github.com\/dapdelivery" - }, - "html_url": "https:\/\/github.com\/dapdelivery\/spring-petclinic-template-with-CVE-2022-22970", - "description": null, - "fork": false, - "created_at": "2022-04-08T09:43:06Z", - "updated_at": "2022-05-27T04:23:20Z", - "pushed_at": "2022-04-08T09:53:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": true, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-22984.json b/2022/CVE-2022-22984.json deleted file mode 100644 index f8794307b8..0000000000 --- a/2022/CVE-2022-22984.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832064, - "name": "CVE-2022-22984", - "full_name": "Live-Hack-CVE\/CVE-2022-22984", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-22984", - "description": "The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk\/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the packa CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:14Z", - "updated_at": "2022-12-28T01:48:14Z", - "pushed_at": "2022-12-28T01:48:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23036.json b/2022/CVE-2022-23036.json deleted file mode 100644 index a75e7607a0..0000000000 --- a/2022/CVE-2022-23036.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582850072, - "name": "CVE-2022-23036", - "full_name": "Live-Hack-CVE\/CVE-2022-23036", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23036", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:52Z", - "updated_at": "2022-12-28T03:20:52Z", - "pushed_at": "2022-12-28T03:20:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23037.json b/2022/CVE-2022-23037.json deleted file mode 100644 index 1d4fe44532..0000000000 --- a/2022/CVE-2022-23037.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582850060, - "name": "CVE-2022-23037", - "full_name": "Live-Hack-CVE\/CVE-2022-23037", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23037", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:48Z", - "updated_at": "2022-12-28T03:20:48Z", - "pushed_at": "2022-12-28T03:20:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23038.json b/2022/CVE-2022-23038.json deleted file mode 100644 index a83811ec0f..0000000000 --- a/2022/CVE-2022-23038.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849950, - "name": "CVE-2022-23038", - "full_name": "Live-Hack-CVE\/CVE-2022-23038", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23038", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:13Z", - "updated_at": "2022-12-28T03:20:13Z", - "pushed_at": "2022-12-28T03:20:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23039.json b/2022/CVE-2022-23039.json deleted file mode 100644 index af48b145a4..0000000000 --- a/2022/CVE-2022-23039.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849934, - "name": "CVE-2022-23039", - "full_name": "Live-Hack-CVE\/CVE-2022-23039", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23039", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:10Z", - "updated_at": "2022-12-28T03:20:10Z", - "pushed_at": "2022-12-28T03:20:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23040.json b/2022/CVE-2022-23040.json deleted file mode 100644 index e4da626e12..0000000000 --- a/2022/CVE-2022-23040.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849921, - "name": "CVE-2022-23040", - "full_name": "Live-Hack-CVE\/CVE-2022-23040", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23040", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:06Z", - "updated_at": "2022-12-28T03:20:06Z", - "pushed_at": "2022-12-28T03:20:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23041.json b/2022/CVE-2022-23041.json deleted file mode 100644 index b3f197de8a..0000000000 --- a/2022/CVE-2022-23041.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582850109, - "name": "CVE-2022-23041", - "full_name": "Live-Hack-CVE\/CVE-2022-23041", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23041", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:21:01Z", - "updated_at": "2022-12-28T03:21:01Z", - "pushed_at": "2022-12-28T03:21:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23042.json b/2022/CVE-2022-23042.json deleted file mode 100644 index bd5cad1647..0000000000 --- a/2022/CVE-2022-23042.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582850084, - "name": "CVE-2022-23042", - "full_name": "Live-Hack-CVE\/CVE-2022-23042", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23042", - "description": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being sub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:20:56Z", - "updated_at": "2022-12-28T03:20:56Z", - "pushed_at": "2022-12-28T03:20:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23044.json b/2022/CVE-2022-23044.json deleted file mode 100644 index 2d2a0e06dd..0000000000 --- a/2022/CVE-2022-23044.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817717, - "name": "CVE-2022-23044", - "full_name": "Live-Hack-CVE\/CVE-2022-23044", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23044", - "description": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:52Z", - "updated_at": "2022-12-28T00:24:52Z", - "pushed_at": "2022-12-28T00:24:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2311.json b/2022/CVE-2022-2311.json deleted file mode 100644 index 0804e00740..0000000000 --- a/2022/CVE-2022-2311.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848291, - "name": "CVE-2022-2311", - "full_name": "Live-Hack-CVE\/CVE-2022-2311", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2311", - "description": "The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:51Z", - "updated_at": "2022-12-28T03:11:51Z", - "pushed_at": "2022-12-28T03:11:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2319.json b/2022/CVE-2022-2319.json deleted file mode 100644 index 1b11c6bafe..0000000000 --- a/2022/CVE-2022-2319.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819485, - "name": "CVE-2022-2319", - "full_name": "Live-Hack-CVE\/CVE-2022-2319", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2319", - "description": "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:49Z", - "updated_at": "2022-12-28T00:34:49Z", - "pushed_at": "2022-12-28T00:34:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2320.json b/2022/CVE-2022-2320.json deleted file mode 100644 index b662d4a810..0000000000 --- a/2022/CVE-2022-2320.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819458, - "name": "CVE-2022-2320", - "full_name": "Live-Hack-CVE\/CVE-2022-2320", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2320", - "description": "A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:39Z", - "updated_at": "2022-12-28T00:34:39Z", - "pushed_at": "2022-12-28T00:34:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23218.json b/2022/CVE-2022-23218.json new file mode 100644 index 0000000000..a0d0fccc05 --- /dev/null +++ b/2022/CVE-2022-23218.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982388, + "name": "CVE-2022-23218", + "full_name": "Live-Hack-CVE\/CVE-2022-23218", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23218", + "description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:55Z", + "updated_at": "2022-12-28T12:17:55Z", + "pushed_at": "2022-12-28T12:17:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23219.json b/2022/CVE-2022-23219.json new file mode 100644 index 0000000000..dbd5005ec8 --- /dev/null +++ b/2022/CVE-2022-23219.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982404, + "name": "CVE-2022-23219", + "full_name": "Live-Hack-CVE\/CVE-2022-23219", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23219", + "description": "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stac CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:58Z", + "updated_at": "2022-12-28T12:17:58Z", + "pushed_at": "2022-12-28T12:18:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23608.json b/2022/CVE-2022-23608.json new file mode 100644 index 0000000000..cea28988d9 --- /dev/null +++ b/2022/CVE-2022-23608.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893291, + "name": "CVE-2022-23608", + "full_name": "Live-Hack-CVE\/CVE-2022-23608", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23608", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:45Z", + "updated_at": "2022-12-28T06:46:45Z", + "pushed_at": "2022-12-28T06:46:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23632.json b/2022/CVE-2022-23632.json deleted file mode 100644 index a157ed464a..0000000000 --- a/2022/CVE-2022-23632.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864785, - "name": "CVE-2022-23632", - "full_name": "Live-Hack-CVE\/CVE-2022-23632", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23632", - "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:41Z", - "updated_at": "2022-12-28T04:38:41Z", - "pushed_at": "2022-12-28T04:38:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23708.json b/2022/CVE-2022-23708.json new file mode 100644 index 0000000000..d8d1721392 --- /dev/null +++ b/2022/CVE-2022-23708.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968795, + "name": "CVE-2022-23708", + "full_name": "Live-Hack-CVE\/CVE-2022-23708", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23708", + "description": "A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:29Z", + "updated_at": "2022-12-28T11:29:29Z", + "pushed_at": "2022-12-28T11:29:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23740.json b/2022/CVE-2022-23740.json deleted file mode 100644 index 3dec34e889..0000000000 --- a/2022/CVE-2022-23740.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841512, - "name": "CVE-2022-23740", - "full_name": "Live-Hack-CVE\/CVE-2022-23740", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23740", - "description": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only v CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:54Z", - "updated_at": "2022-12-28T02:36:54Z", - "pushed_at": "2022-12-28T02:36:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23743.json b/2022/CVE-2022-23743.json deleted file mode 100644 index d1b6aaa762..0000000000 --- a/2022/CVE-2022-23743.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841457, - "name": "CVE-2022-23743", - "full_name": "Live-Hack-CVE\/CVE-2022-23743", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23743", - "description": "Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\\CheckPoint\\ZoneAlarm\\Data\\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:37Z", - "updated_at": "2022-12-28T02:36:37Z", - "pushed_at": "2022-12-28T02:36:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23772.json b/2022/CVE-2022-23772.json new file mode 100644 index 0000000000..43d8701ac7 --- /dev/null +++ b/2022/CVE-2022-23772.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960306, + "name": "CVE-2022-23772", + "full_name": "Live-Hack-CVE\/CVE-2022-23772", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23772", + "description": "Rat.SetString in math\/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:52Z", + "updated_at": "2022-12-28T10:57:53Z", + "pushed_at": "2022-12-28T10:57:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23773.json b/2022/CVE-2022-23773.json new file mode 100644 index 0000000000..f142369a1c --- /dev/null +++ b/2022/CVE-2022-23773.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960405, + "name": "CVE-2022-23773", + "full_name": "Live-Hack-CVE\/CVE-2022-23773", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23773", + "description": "cmd\/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:58:13Z", + "updated_at": "2022-12-28T10:58:13Z", + "pushed_at": "2022-12-28T10:58:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23806.json b/2022/CVE-2022-23806.json new file mode 100644 index 0000000000..3a4f29eb12 --- /dev/null +++ b/2022/CVE-2022-23806.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968913, + "name": "CVE-2022-23806", + "full_name": "Live-Hack-CVE\/CVE-2022-23806", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23806", + "description": "Curve.IsOnCurve in crypto\/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:56Z", + "updated_at": "2022-12-28T11:29:56Z", + "pushed_at": "2022-12-28T11:29:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23824.json b/2022/CVE-2022-23824.json deleted file mode 100644 index 4870af60b4..0000000000 --- a/2022/CVE-2022-23824.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818672, - "name": "CVE-2022-23824", - "full_name": "Live-Hack-CVE\/CVE-2022-23824", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23824", - "description": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:30:13Z", - "updated_at": "2022-12-28T00:30:13Z", - "pushed_at": "2022-12-28T00:30:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-23825.json b/2022/CVE-2022-23825.json new file mode 100644 index 0000000000..c0d8ae4644 --- /dev/null +++ b/2022/CVE-2022-23825.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957444, + "name": "CVE-2022-23825", + "full_name": "Live-Hack-CVE\/CVE-2022-23825", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23825", + "description": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:33Z", + "updated_at": "2022-12-28T10:47:33Z", + "pushed_at": "2022-12-28T10:47:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-23831.json b/2022/CVE-2022-23831.json new file mode 100644 index 0000000000..b62fac8936 --- /dev/null +++ b/2022/CVE-2022-23831.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913587, + "name": "CVE-2022-23831", + "full_name": "Live-Hack-CVE\/CVE-2022-23831", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-23831", + "description": "Insufficient validation of the IOCTL input buffer in AMD ?Prof may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:41Z", + "updated_at": "2022-12-28T08:07:41Z", + "pushed_at": "2022-12-28T08:07:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2387.json b/2022/CVE-2022-2387.json new file mode 100644 index 0000000000..80bafb6b8a --- /dev/null +++ b/2022/CVE-2022-2387.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969386, + "name": "CVE-2022-2387", + "full_name": "Live-Hack-CVE\/CVE-2022-2387", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2387", + "description": "The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:32Z", + "updated_at": "2022-12-28T11:31:32Z", + "pushed_at": "2022-12-28T11:31:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24036.json b/2022/CVE-2022-24036.json new file mode 100644 index 0000000000..d18c70c267 --- /dev/null +++ b/2022/CVE-2022-24036.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890914, + "name": "CVE-2022-24036", + "full_name": "Live-Hack-CVE\/CVE-2022-24036", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24036", + "description": "Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:24Z", + "updated_at": "2022-12-28T06:37:24Z", + "pushed_at": "2022-12-28T06:37:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24037.json b/2022/CVE-2022-24037.json deleted file mode 100644 index 151e45ab2e..0000000000 --- a/2022/CVE-2022-24037.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872394, - "name": "CVE-2022-24037", - "full_name": "Live-Hack-CVE\/CVE-2022-24037", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24037", - "description": "Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:24Z", - "updated_at": "2022-12-28T05:17:24Z", - "pushed_at": "2022-12-28T05:17:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24038.json b/2022/CVE-2022-24038.json deleted file mode 100644 index dac35bbe7b..0000000000 --- a/2022/CVE-2022-24038.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872381, - "name": "CVE-2022-24038", - "full_name": "Live-Hack-CVE\/CVE-2022-24038", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24038", - "description": "Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:21Z", - "updated_at": "2022-12-28T05:17:21Z", - "pushed_at": "2022-12-28T05:17:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24187.json b/2022/CVE-2022-24187.json deleted file mode 100644 index c728407008..0000000000 --- a/2022/CVE-2022-24187.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833031, - "name": "CVE-2022-24187", - "full_name": "Live-Hack-CVE\/CVE-2022-24187", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24187", - "description": "The user_id and device_id on the Ourphoto App version 1.4.1 \/device\/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:37Z", - "updated_at": "2022-12-28T01:53:37Z", - "pushed_at": "2022-12-28T01:53:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24188.json b/2022/CVE-2022-24188.json deleted file mode 100644 index b69c458405..0000000000 --- a/2022/CVE-2022-24188.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833042, - "name": "CVE-2022-24188", - "full_name": "Live-Hack-CVE\/CVE-2022-24188", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24188", - "description": "The \/device\/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:40Z", - "updated_at": "2022-12-28T01:53:40Z", - "pushed_at": "2022-12-28T01:53:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24189.json b/2022/CVE-2022-24189.json deleted file mode 100644 index 9774522878..0000000000 --- a/2022/CVE-2022-24189.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833137, - "name": "CVE-2022-24189", - "full_name": "Live-Hack-CVE\/CVE-2022-24189", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24189", - "description": "The user_token authorization header on the Ourphoto App version 1.4.1 \/apiv1\/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:12Z", - "updated_at": "2022-12-28T01:54:12Z", - "pushed_at": "2022-12-28T01:54:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24190.json b/2022/CVE-2022-24190.json deleted file mode 100644 index 3cdb7d6c6a..0000000000 --- a/2022/CVE-2022-24190.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833148, - "name": "CVE-2022-24190", - "full_name": "Live-Hack-CVE\/CVE-2022-24190", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24190", - "description": "The \/device\/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind requ CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:15Z", - "updated_at": "2022-12-28T01:54:15Z", - "pushed_at": "2022-12-28T01:54:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24303.json b/2022/CVE-2022-24303.json deleted file mode 100644 index df26ea0172..0000000000 --- a/2022/CVE-2022-24303.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873251, - "name": "CVE-2022-24303", - "full_name": "Live-Hack-CVE\/CVE-2022-24303", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24303", - "description": "Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:56Z", - "updated_at": "2022-12-28T05:20:56Z", - "pushed_at": "2022-12-28T05:20:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24441.json b/2022/CVE-2022-24441.json deleted file mode 100644 index 82540af518..0000000000 --- a/2022/CVE-2022-24441.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582831940, - "name": "CVE-2022-24441", - "full_name": "Live-Hack-CVE\/CVE-2022-24441", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24441", - "description": "The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability m CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:47:41Z", - "updated_at": "2022-12-28T01:47:41Z", - "pushed_at": "2022-12-28T01:47:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2449.json b/2022/CVE-2022-2449.json new file mode 100644 index 0000000000..ee941b8e0e --- /dev/null +++ b/2022/CVE-2022-2449.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923625, + "name": "CVE-2022-2449", + "full_name": "Live-Hack-CVE\/CVE-2022-2449", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2449", + "description": "The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:07Z", + "updated_at": "2022-12-28T08:46:07Z", + "pushed_at": "2022-12-28T08:46:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2450.json b/2022/CVE-2022-2450.json new file mode 100644 index 0000000000..309f7a16f6 --- /dev/null +++ b/2022/CVE-2022-2450.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923646, + "name": "CVE-2022-2450", + "full_name": "Live-Hack-CVE\/CVE-2022-2450", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2450", + "description": "The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:10Z", + "updated_at": "2022-12-28T08:46:10Z", + "pushed_at": "2022-12-28T08:46:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24714.json b/2022/CVE-2022-24714.json new file mode 100644 index 0000000000..a94fb0cde0 --- /dev/null +++ b/2022/CVE-2022-24714.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968740, + "name": "CVE-2022-24714", + "full_name": "Live-Hack-CVE\/CVE-2022-24714", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24714", + "description": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a co CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:18Z", + "updated_at": "2022-12-28T11:29:18Z", + "pushed_at": "2022-12-28T11:29:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24715.json b/2022/CVE-2022-24715.json new file mode 100644 index 0000000000..0c528b420c --- /dev/null +++ b/2022/CVE-2022-24715.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968899, + "name": "CVE-2022-24715", + "full_name": "Live-Hack-CVE\/CVE-2022-24715", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24715", + "description": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Ici CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:52Z", + "updated_at": "2022-12-28T11:29:52Z", + "pushed_at": "2022-12-28T11:29:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24716.json b/2022/CVE-2022-24716.json new file mode 100644 index 0000000000..f30511be81 --- /dev/null +++ b/2022/CVE-2022-24716.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968765, + "name": "CVE-2022-24716", + "full_name": "Live-Hack-CVE\/CVE-2022-24716", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24716", + "description": "Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:22Z", + "updated_at": "2022-12-28T11:29:22Z", + "pushed_at": "2022-12-28T11:29:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24723.json b/2022/CVE-2022-24723.json deleted file mode 100644 index 4dcc1e3c9c..0000000000 --- a/2022/CVE-2022-24723.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849475, - "name": "CVE-2022-24723", - "full_name": "Live-Hack-CVE\/CVE-2022-24723", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24723", - "description": "URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workarou CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:57Z", - "updated_at": "2022-12-28T03:17:57Z", - "pushed_at": "2022-12-28T03:17:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24754.json b/2022/CVE-2022-24754.json new file mode 100644 index 0000000000..f91425230c --- /dev/null +++ b/2022/CVE-2022-24754.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923119, + "name": "CVE-2022-24754", + "full_name": "Live-Hack-CVE\/CVE-2022-24754", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24754", + "description": "PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has b CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:44:15Z", + "updated_at": "2022-12-28T08:44:15Z", + "pushed_at": "2022-12-28T08:44:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24763.json b/2022/CVE-2022-24763.json new file mode 100644 index 0000000000..9442006b3d --- /dev/null +++ b/2022/CVE-2022-24763.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893278, + "name": "CVE-2022-24763", + "full_name": "Live-Hack-CVE\/CVE-2022-24763", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24763", + "description": "PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:42Z", + "updated_at": "2022-12-28T06:46:42Z", + "pushed_at": "2022-12-28T06:46:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24764.json b/2022/CVE-2022-24764.json new file mode 100644 index 0000000000..b7bb4bb10c --- /dev/null +++ b/2022/CVE-2022-24764.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893265, + "name": "CVE-2022-24764", + "full_name": "Live-Hack-CVE\/CVE-2022-24764", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24764", + "description": "PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:39Z", + "updated_at": "2022-12-28T06:46:39Z", + "pushed_at": "2022-12-28T06:46:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24786.json b/2022/CVE-2022-24786.json new file mode 100644 index 0000000000..cbc2252435 --- /dev/null +++ b/2022/CVE-2022-24786.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893252, + "name": "CVE-2022-24786", + "full_name": "Live-Hack-CVE\/CVE-2022-24786", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24786", + "description": "PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:35Z", + "updated_at": "2022-12-28T06:46:35Z", + "pushed_at": "2022-12-28T06:46:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24823.json b/2022/CVE-2022-24823.json deleted file mode 100644 index c6c8576e1e..0000000000 --- a/2022/CVE-2022-24823.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818539, - "name": "CVE-2022-24823", - "full_name": "Live-Hack-CVE\/CVE-2022-24823", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24823", - "description": "Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary director CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:29:32Z", - "updated_at": "2022-12-28T00:29:32Z", - "pushed_at": "2022-12-28T00:29:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24882.json b/2022/CVE-2022-24882.json new file mode 100644 index 0000000000..e37b9ad49a --- /dev/null +++ b/2022/CVE-2022-24882.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922709, + "name": "CVE-2022-24882", + "full_name": "Live-Hack-CVE\/CVE-2022-24882", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24882", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:39Z", + "updated_at": "2022-12-28T08:42:39Z", + "pushed_at": "2022-12-28T08:42:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24883.json b/2022/CVE-2022-24883.json new file mode 100644 index 0000000000..2ef1920082 --- /dev/null +++ b/2022/CVE-2022-24883.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922636, + "name": "CVE-2022-24883", + "full_name": "Live-Hack-CVE\/CVE-2022-24883", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24883", + "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using Fre CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:21Z", + "updated_at": "2022-12-28T08:42:22Z", + "pushed_at": "2022-12-28T08:42:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24903.json b/2022/CVE-2022-24903.json new file mode 100644 index 0000000000..2bc2f4d3b8 --- /dev/null +++ b/2022/CVE-2022-24903.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947397, + "name": "CVE-2022-24903", + "full_name": "Live-Hack-CVE\/CVE-2022-24903", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24903", + "description": "Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may sti CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:07Z", + "updated_at": "2022-12-28T10:11:07Z", + "pushed_at": "2022-12-28T10:11:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24921.json b/2022/CVE-2022-24921.json new file mode 100644 index 0000000000..cb699d877a --- /dev/null +++ b/2022/CVE-2022-24921.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968780, + "name": "CVE-2022-24921", + "full_name": "Live-Hack-CVE\/CVE-2022-24921", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24921", + "description": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:25Z", + "updated_at": "2022-12-28T11:29:25Z", + "pushed_at": "2022-12-28T11:29:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24937.json b/2022/CVE-2022-24937.json new file mode 100644 index 0000000000..dbc5ad59d7 --- /dev/null +++ b/2022/CVE-2022-24937.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902333, + "name": "CVE-2022-24937", + "full_name": "Live-Hack-CVE\/CVE-2022-24937", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24937", + "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:24Z", + "updated_at": "2022-12-28T07:23:24Z", + "pushed_at": "2022-12-28T07:23:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24938.json b/2022/CVE-2022-24938.json new file mode 100644 index 0000000000..d3bc4084e4 --- /dev/null +++ b/2022/CVE-2022-24938.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902444, + "name": "CVE-2022-24938", + "full_name": "Live-Hack-CVE\/CVE-2022-24938", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24938", + "description": "A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:52Z", + "updated_at": "2022-12-28T07:23:52Z", + "pushed_at": "2022-12-28T07:23:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-24939.json b/2022/CVE-2022-24939.json deleted file mode 100644 index fe5cbe66b3..0000000000 --- a/2022/CVE-2022-24939.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865362, - "name": "CVE-2022-24939", - "full_name": "Live-Hack-CVE\/CVE-2022-24939", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24939", - "description": "A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:44Z", - "updated_at": "2022-12-28T04:41:44Z", - "pushed_at": "2022-12-28T04:41:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-24999.json b/2022/CVE-2022-24999.json index 336d7b5393..b8f65f1883 100644 --- a/2022/CVE-2022-24999.json +++ b/2022/CVE-2022-24999.json @@ -27,34 +27,5 @@ "forks": 1, "watchers": 3, "score": 0 - }, - { - "id": 582856987, - "name": "CVE-2022-24999", - "full_name": "Live-Hack-CVE\/CVE-2022-24999", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-24999", - "description": "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:42Z", - "updated_at": "2022-12-28T03:57:42Z", - "pushed_at": "2022-12-28T03:57:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-25164.json b/2022/CVE-2022-25164.json deleted file mode 100644 index e3f5867ff0..0000000000 --- a/2022/CVE-2022-25164.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856293, - "name": "CVE-2022-25164", - "full_name": "Live-Hack-CVE\/CVE-2022-25164", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25164", - "description": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:53Z", - "updated_at": "2022-12-28T03:53:53Z", - "pushed_at": "2022-12-28T03:53:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25169.json b/2022/CVE-2022-25169.json new file mode 100644 index 0000000000..121aa94678 --- /dev/null +++ b/2022/CVE-2022-25169.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968869, + "name": "CVE-2022-25169", + "full_name": "Live-Hack-CVE\/CVE-2022-25169", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25169", + "description": "The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:46Z", + "updated_at": "2022-12-28T11:29:46Z", + "pushed_at": "2022-12-28T11:29:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25243.json b/2022/CVE-2022-25243.json new file mode 100644 index 0000000000..ff4b8efb34 --- /dev/null +++ b/2022/CVE-2022-25243.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968698, + "name": "CVE-2022-25243", + "full_name": "Live-Hack-CVE\/CVE-2022-25243", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25243", + "description": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:11Z", + "updated_at": "2022-12-28T11:29:11Z", + "pushed_at": "2022-12-28T11:29:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2526.json b/2022/CVE-2022-2526.json new file mode 100644 index 0000000000..b48341e5b1 --- /dev/null +++ b/2022/CVE-2022-2526.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947365, + "name": "CVE-2022-2526", + "full_name": "Live-Hack-CVE\/CVE-2022-2526", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2526", + "description": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:00Z", + "updated_at": "2022-12-28T10:11:00Z", + "pushed_at": "2022-12-28T10:11:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2553.json b/2022/CVE-2022-2553.json deleted file mode 100644 index ff4d54ed27..0000000000 --- a/2022/CVE-2022-2553.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825244, - "name": "CVE-2022-2553", - "full_name": "Live-Hack-CVE\/CVE-2022-2553", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2553", - "description": "The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:09:22Z", - "updated_at": "2022-12-28T01:09:22Z", - "pushed_at": "2022-12-28T01:09:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25610.json b/2022/CVE-2022-25610.json deleted file mode 100644 index 33130784d8..0000000000 --- a/2022/CVE-2022-25610.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582831681, - "name": "CVE-2022-25610", - "full_name": "Live-Hack-CVE\/CVE-2022-25610", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25610", - "description": "Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:46:24Z", - "updated_at": "2022-12-28T01:46:24Z", - "pushed_at": "2022-12-28T01:46:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25647.json b/2022/CVE-2022-25647.json deleted file mode 100644 index 9c61413db4..0000000000 --- a/2022/CVE-2022-25647.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857320, - "name": "CVE-2022-25647", - "full_name": "Live-Hack-CVE\/CVE-2022-25647", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25647", - "description": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:33Z", - "updated_at": "2022-12-28T03:59:33Z", - "pushed_at": "2022-12-28T03:59:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25667.json b/2022/CVE-2022-25667.json new file mode 100644 index 0000000000..80c4134d6c --- /dev/null +++ b/2022/CVE-2022-25667.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901721, + "name": "CVE-2022-25667", + "full_name": "Live-Hack-CVE\/CVE-2022-25667", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25667", + "description": "Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:03Z", + "updated_at": "2022-12-28T07:21:03Z", + "pushed_at": "2022-12-28T07:21:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25671.json b/2022/CVE-2022-25671.json new file mode 100644 index 0000000000..c42a5f7083 --- /dev/null +++ b/2022/CVE-2022-25671.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901684, + "name": "CVE-2022-25671", + "full_name": "Live-Hack-CVE\/CVE-2022-25671", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25671", + "description": "Denial of service in MODEM due to reachable assertion in Snapdragon Mobile CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:55Z", + "updated_at": "2022-12-28T07:20:55Z", + "pushed_at": "2022-12-28T07:20:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25674.json b/2022/CVE-2022-25674.json new file mode 100644 index 0000000000..1fcbc573a7 --- /dev/null +++ b/2022/CVE-2022-25674.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901660, + "name": "CVE-2022-25674", + "full_name": "Live-Hack-CVE\/CVE-2022-25674", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25674", + "description": "Cryptographic issues in WLAN during the group key handshake of the WPA\/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:52Z", + "updated_at": "2022-12-28T07:20:52Z", + "pushed_at": "2022-12-28T07:20:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25676.json b/2022/CVE-2022-25676.json new file mode 100644 index 0000000000..c3749f0a95 --- /dev/null +++ b/2022/CVE-2022-25676.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901488, + "name": "CVE-2022-25676", + "full_name": "Live-Hack-CVE\/CVE-2022-25676", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25676", + "description": "Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:03Z", + "updated_at": "2022-12-28T07:20:03Z", + "pushed_at": "2022-12-28T07:20:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25679.json b/2022/CVE-2022-25679.json new file mode 100644 index 0000000000..f2dadde43f --- /dev/null +++ b/2022/CVE-2022-25679.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902454, + "name": "CVE-2022-25679", + "full_name": "Live-Hack-CVE\/CVE-2022-25679", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25679", + "description": "Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:55Z", + "updated_at": "2022-12-28T07:23:55Z", + "pushed_at": "2022-12-28T07:23:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25710.json b/2022/CVE-2022-25710.json new file mode 100644 index 0000000000..6ff76ccc83 --- /dev/null +++ b/2022/CVE-2022-25710.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902468, + "name": "CVE-2022-25710", + "full_name": "Live-Hack-CVE\/CVE-2022-25710", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25710", + "description": "Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:58Z", + "updated_at": "2022-12-28T07:23:58Z", + "pushed_at": "2022-12-28T07:24:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25724.json b/2022/CVE-2022-25724.json new file mode 100644 index 0000000000..70610ad4c3 --- /dev/null +++ b/2022/CVE-2022-25724.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901506, + "name": "CVE-2022-25724", + "full_name": "Live-Hack-CVE\/CVE-2022-25724", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25724", + "description": "Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:07Z", + "updated_at": "2022-12-28T07:20:07Z", + "pushed_at": "2022-12-28T07:20:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25727.json b/2022/CVE-2022-25727.json new file mode 100644 index 0000000000..1edeb6b80d --- /dev/null +++ b/2022/CVE-2022-25727.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901471, + "name": "CVE-2022-25727", + "full_name": "Live-Hack-CVE\/CVE-2022-25727", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25727", + "description": "Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:00Z", + "updated_at": "2022-12-28T07:20:00Z", + "pushed_at": "2022-12-28T07:20:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25741.json b/2022/CVE-2022-25741.json new file mode 100644 index 0000000000..d80fde4263 --- /dev/null +++ b/2022/CVE-2022-25741.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901456, + "name": "CVE-2022-25741", + "full_name": "Live-Hack-CVE\/CVE-2022-25741", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25741", + "description": "Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:56Z", + "updated_at": "2022-12-28T07:19:56Z", + "pushed_at": "2022-12-28T07:19:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25742.json b/2022/CVE-2022-25742.json new file mode 100644 index 0000000000..5330990bc3 --- /dev/null +++ b/2022/CVE-2022-25742.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901436, + "name": "CVE-2022-25742", + "full_name": "Live-Hack-CVE\/CVE-2022-25742", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25742", + "description": "Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:52Z", + "updated_at": "2022-12-28T07:19:52Z", + "pushed_at": "2022-12-28T07:19:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25743.json b/2022/CVE-2022-25743.json new file mode 100644 index 0000000000..3b7173bc93 --- /dev/null +++ b/2022/CVE-2022-25743.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901414, + "name": "CVE-2022-25743", + "full_name": "Live-Hack-CVE\/CVE-2022-25743", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25743", + "description": "Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:49Z", + "updated_at": "2022-12-28T07:19:49Z", + "pushed_at": "2022-12-28T07:19:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25765.json b/2022/CVE-2022-25765.json new file mode 100644 index 0000000000..bb185ce5ae --- /dev/null +++ b/2022/CVE-2022-25765.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947380, + "name": "CVE-2022-25765", + "full_name": "Live-Hack-CVE\/CVE-2022-25765", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25765", + "description": "The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:03Z", + "updated_at": "2022-12-28T10:11:03Z", + "pushed_at": "2022-12-28T10:11:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25794.json b/2022/CVE-2022-25794.json new file mode 100644 index 0000000000..c1931f6385 --- /dev/null +++ b/2022/CVE-2022-25794.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924677, + "name": "CVE-2022-25794", + "full_name": "Live-Hack-CVE\/CVE-2022-25794", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25794", + "description": "An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:11Z", + "updated_at": "2022-12-28T08:50:11Z", + "pushed_at": "2022-12-28T08:50:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25799.json b/2022/CVE-2022-25799.json new file mode 100644 index 0000000000..d12a3d88ae --- /dev/null +++ b/2022/CVE-2022-25799.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924477, + "name": "CVE-2022-25799", + "full_name": "Live-Hack-CVE\/CVE-2022-25799", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25799", + "description": "An open redirect vulnerability exists in CERT\/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:22Z", + "updated_at": "2022-12-28T08:49:22Z", + "pushed_at": "2022-12-28T08:49:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25844.json b/2022/CVE-2022-25844.json new file mode 100644 index 0000000000..4b26db8130 --- /dev/null +++ b/2022/CVE-2022-25844.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924354, + "name": "CVE-2022-25844", + "full_name": "Live-Hack-CVE\/CVE-2022-25844", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25844", + "description": "The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no lon CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:50Z", + "updated_at": "2022-12-28T08:48:50Z", + "pushed_at": "2022-12-28T08:48:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-25848.json b/2022/CVE-2022-25848.json deleted file mode 100644 index 082737c3fd..0000000000 --- a/2022/CVE-2022-25848.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833606, - "name": "CVE-2022-25848", - "full_name": "Live-Hack-CVE\/CVE-2022-25848", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25848", - "description": "This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:32Z", - "updated_at": "2022-12-28T01:56:33Z", - "pushed_at": "2022-12-28T01:56:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25892.json b/2022/CVE-2022-25892.json deleted file mode 100644 index 12c314839c..0000000000 --- a/2022/CVE-2022-25892.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818916, - "name": "CVE-2022-25892", - "full_name": "Live-Hack-CVE\/CVE-2022-25892", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25892", - "description": "The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:31:33Z", - "updated_at": "2022-12-28T00:31:33Z", - "pushed_at": "2022-12-28T00:31:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25917.json b/2022/CVE-2022-25917.json deleted file mode 100644 index 700ab6438a..0000000000 --- a/2022/CVE-2022-25917.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856530, - "name": "CVE-2022-25917", - "full_name": "Live-Hack-CVE\/CVE-2022-25917", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25917", - "description": "Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:18Z", - "updated_at": "2022-12-28T03:55:18Z", - "pushed_at": "2022-12-28T03:55:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-25932.json b/2022/CVE-2022-25932.json new file mode 100644 index 0000000000..f26984fbfd --- /dev/null +++ b/2022/CVE-2022-25932.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937159, + "name": "CVE-2022-25932", + "full_name": "Live-Hack-CVE\/CVE-2022-25932", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-25932", + "description": "The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:35:00Z", + "updated_at": "2022-12-28T09:35:00Z", + "pushed_at": "2022-12-28T09:35:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26006.json b/2022/CVE-2022-26006.json new file mode 100644 index 0000000000..8b16a6a05c --- /dev/null +++ b/2022/CVE-2022-26006.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912651, + "name": "CVE-2022-26006", + "full_name": "Live-Hack-CVE\/CVE-2022-26006", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26006", + "description": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:17Z", + "updated_at": "2022-12-28T08:04:17Z", + "pushed_at": "2022-12-28T08:04:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26023.json b/2022/CVE-2022-26023.json new file mode 100644 index 0000000000..ff34b3dddb --- /dev/null +++ b/2022/CVE-2022-26023.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958088, + "name": "CVE-2022-26023", + "full_name": "Live-Hack-CVE\/CVE-2022-26023", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26023", + "description": "A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:54Z", + "updated_at": "2022-12-28T10:49:54Z", + "pushed_at": "2022-12-28T10:49:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26024.json b/2022/CVE-2022-26024.json new file mode 100644 index 0000000000..d5fd478054 --- /dev/null +++ b/2022/CVE-2022-26024.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912226, + "name": "CVE-2022-26024", + "full_name": "Live-Hack-CVE\/CVE-2022-26024", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26024", + "description": "Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:37Z", + "updated_at": "2022-12-28T08:02:37Z", + "pushed_at": "2022-12-28T08:02:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26028.json b/2022/CVE-2022-26028.json new file mode 100644 index 0000000000..196f8adc96 --- /dev/null +++ b/2022/CVE-2022-26028.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902264, + "name": "CVE-2022-26028", + "full_name": "Live-Hack-CVE\/CVE-2022-26028", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26028", + "description": "Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:07Z", + "updated_at": "2022-12-28T07:23:07Z", + "pushed_at": "2022-12-28T07:23:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26045.json b/2022/CVE-2022-26045.json new file mode 100644 index 0000000000..6dc2f95a43 --- /dev/null +++ b/2022/CVE-2022-26045.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923933, + "name": "CVE-2022-26045", + "full_name": "Live-Hack-CVE\/CVE-2022-26045", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26045", + "description": "Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:16Z", + "updated_at": "2022-12-28T08:47:16Z", + "pushed_at": "2022-12-28T08:47:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26047.json b/2022/CVE-2022-26047.json new file mode 100644 index 0000000000..ddb25ff5fe --- /dev/null +++ b/2022/CVE-2022-26047.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892808, + "name": "CVE-2022-26047", + "full_name": "Live-Hack-CVE\/CVE-2022-26047", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26047", + "description": "Improper input validation for some Intel(R) PROSet\/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:44Z", + "updated_at": "2022-12-28T06:44:44Z", + "pushed_at": "2022-12-28T06:44:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26079.json b/2022/CVE-2022-26079.json new file mode 100644 index 0000000000..058d037284 --- /dev/null +++ b/2022/CVE-2022-26079.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923954, + "name": "CVE-2022-26079", + "full_name": "Live-Hack-CVE\/CVE-2022-26079", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26079", + "description": "Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:19Z", + "updated_at": "2022-12-28T08:47:19Z", + "pushed_at": "2022-12-28T08:47:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26086.json b/2022/CVE-2022-26086.json new file mode 100644 index 0000000000..a7abd9634d --- /dev/null +++ b/2022/CVE-2022-26086.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902256, + "name": "CVE-2022-26086", + "full_name": "Live-Hack-CVE\/CVE-2022-26086", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26086", + "description": "Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:03Z", + "updated_at": "2022-12-28T07:23:03Z", + "pushed_at": "2022-12-28T07:23:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26088.json b/2022/CVE-2022-26088.json new file mode 100644 index 0000000000..430d0fd808 --- /dev/null +++ b/2022/CVE-2022-26088.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936067, + "name": "CVE-2022-26088", + "full_name": "Live-Hack-CVE\/CVE-2022-26088", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26088", + "description": "An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the \"number of recipients\" field. NOTE: the vendor's posi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:00Z", + "updated_at": "2022-12-28T09:31:00Z", + "pushed_at": "2022-12-28T09:31:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26124.json b/2022/CVE-2022-26124.json new file mode 100644 index 0000000000..3cf3617477 --- /dev/null +++ b/2022/CVE-2022-26124.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912373, + "name": "CVE-2022-26124", + "full_name": "Live-Hack-CVE\/CVE-2022-26124", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26124", + "description": "Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:09Z", + "updated_at": "2022-12-28T08:03:09Z", + "pushed_at": "2022-12-28T08:03:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26151.json b/2022/CVE-2022-26151.json deleted file mode 100644 index 2e6316eb58..0000000000 --- a/2022/CVE-2022-26151.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824854, - "name": "CVE-2022-26151", - "full_name": "Live-Hack-CVE\/CVE-2022-26151", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26151", - "description": "Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:07:03Z", - "updated_at": "2022-12-28T01:07:03Z", - "pushed_at": "2022-12-28T01:07:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2625.json b/2022/CVE-2022-2625.json deleted file mode 100644 index 4d2d8317f3..0000000000 --- a/2022/CVE-2022-2625.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825220, - "name": "CVE-2022-2625", - "full_name": "Live-Hack-CVE\/CVE-2022-2625", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2625", - "description": "A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:09:12Z", - "updated_at": "2022-12-28T01:09:12Z", - "pushed_at": "2022-12-28T01:09:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-26280.json b/2022/CVE-2022-26280.json deleted file mode 100644 index ab044ae051..0000000000 --- a/2022/CVE-2022-26280.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856657, - "name": "CVE-2022-26280", - "full_name": "Live-Hack-CVE\/CVE-2022-26280", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26280", - "description": "Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:00Z", - "updated_at": "2022-12-28T04:01:15Z", - "pushed_at": "2022-12-28T03:56:03Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-26341.json b/2022/CVE-2022-26341.json new file mode 100644 index 0000000000..ee36624cff --- /dev/null +++ b/2022/CVE-2022-26341.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902211, + "name": "CVE-2022-26341", + "full_name": "Live-Hack-CVE\/CVE-2022-26341", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26341", + "description": "Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:52Z", + "updated_at": "2022-12-28T07:22:52Z", + "pushed_at": "2022-12-28T07:22:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26366.json b/2022/CVE-2022-26366.json deleted file mode 100644 index 2942be1491..0000000000 --- a/2022/CVE-2022-26366.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832534, - "name": "CVE-2022-26366", - "full_name": "Live-Hack-CVE\/CVE-2022-26366", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26366", - "description": "Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:50Z", - "updated_at": "2022-12-28T01:50:50Z", - "pushed_at": "2022-12-28T01:50:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-26367.json b/2022/CVE-2022-26367.json new file mode 100644 index 0000000000..55d2752f71 --- /dev/null +++ b/2022/CVE-2022-26367.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924365, + "name": "CVE-2022-26367", + "full_name": "Live-Hack-CVE\/CVE-2022-26367", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26367", + "description": "Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:53Z", + "updated_at": "2022-12-28T08:48:53Z", + "pushed_at": "2022-12-28T08:48:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26369.json b/2022/CVE-2022-26369.json new file mode 100644 index 0000000000..117866ff0c --- /dev/null +++ b/2022/CVE-2022-26369.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924025, + "name": "CVE-2022-26369", + "full_name": "Live-Hack-CVE\/CVE-2022-26369", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26369", + "description": "Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:37Z", + "updated_at": "2022-12-28T08:47:37Z", + "pushed_at": "2022-12-28T08:47:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2637.json b/2022/CVE-2022-2637.json new file mode 100644 index 0000000000..3124edeec2 --- /dev/null +++ b/2022/CVE-2022-2637.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980564, + "name": "CVE-2022-2637", + "full_name": "Live-Hack-CVE\/CVE-2022-2637", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2637", + "description": "Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:41Z", + "updated_at": "2022-12-28T12:11:41Z", + "pushed_at": "2022-12-28T12:11:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26376.json b/2022/CVE-2022-26376.json deleted file mode 100644 index 8bb9c2e6aa..0000000000 --- a/2022/CVE-2022-26376.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825261, - "name": "CVE-2022-26376", - "full_name": "Live-Hack-CVE\/CVE-2022-26376", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26376", - "description": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:09:25Z", - "updated_at": "2022-12-28T01:09:26Z", - "pushed_at": "2022-12-28T01:09:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-26446.json b/2022/CVE-2022-26446.json new file mode 100644 index 0000000000..c9eac4bed0 --- /dev/null +++ b/2022/CVE-2022-26446.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969614, + "name": "CVE-2022-26446", + "full_name": "Live-Hack-CVE\/CVE-2022-26446", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26446", + "description": "In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS072741 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:21Z", + "updated_at": "2022-12-28T11:32:21Z", + "pushed_at": "2022-12-28T11:32:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26498.json b/2022/CVE-2022-26498.json new file mode 100644 index 0000000000..f858ee6c3a --- /dev/null +++ b/2022/CVE-2022-26498.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893217, + "name": "CVE-2022-26498", + "full_name": "Live-Hack-CVE\/CVE-2022-26498", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26498", + "description": "An issue was discovered in Asterisk through 19.x. When using STIR\/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:25Z", + "updated_at": "2022-12-28T06:46:25Z", + "pushed_at": "2022-12-28T06:46:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26499.json b/2022/CVE-2022-26499.json new file mode 100644 index 0000000000..38e9253d9e --- /dev/null +++ b/2022/CVE-2022-26499.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893229, + "name": "CVE-2022-26499", + "full_name": "Live-Hack-CVE\/CVE-2022-26499", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26499", + "description": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR\/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:28Z", + "updated_at": "2022-12-28T06:46:28Z", + "pushed_at": "2022-12-28T06:46:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2650.json b/2022/CVE-2022-2650.json deleted file mode 100644 index cbc6b15247..0000000000 --- a/2022/CVE-2022-2650.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841763, - "name": "CVE-2022-2650", - "full_name": "Live-Hack-CVE\/CVE-2022-2650", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2650", - "description": "Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project\/wger prior to 2.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:14Z", - "updated_at": "2022-12-28T02:38:14Z", - "pushed_at": "2022-12-28T02:38:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-26508.json b/2022/CVE-2022-26508.json new file mode 100644 index 0000000000..2f3e730b38 --- /dev/null +++ b/2022/CVE-2022-26508.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912339, + "name": "CVE-2022-26508", + "full_name": "Live-Hack-CVE\/CVE-2022-26508", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26508", + "description": "Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:02Z", + "updated_at": "2022-12-28T08:03:02Z", + "pushed_at": "2022-12-28T08:03:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26513.json b/2022/CVE-2022-26513.json new file mode 100644 index 0000000000..968c8db2dd --- /dev/null +++ b/2022/CVE-2022-26513.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924139, + "name": "CVE-2022-26513", + "full_name": "Live-Hack-CVE\/CVE-2022-26513", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26513", + "description": "Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:04Z", + "updated_at": "2022-12-28T08:48:04Z", + "pushed_at": "2022-12-28T08:48:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26520.json b/2022/CVE-2022-26520.json new file mode 100644 index 0000000000..9f9a5f91e6 --- /dev/null +++ b/2022/CVE-2022-26520.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968724, + "name": "CVE-2022-26520", + "full_name": "Live-Hack-CVE\/CVE-2022-26520", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26520", + "description": "** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web r CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:15Z", + "updated_at": "2022-12-28T11:29:15Z", + "pushed_at": "2022-12-28T11:29:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26651.json b/2022/CVE-2022-26651.json new file mode 100644 index 0000000000..1c38adaf90 --- /dev/null +++ b/2022/CVE-2022-26651.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893242, + "name": "CVE-2022-26651", + "full_name": "Live-Hack-CVE\/CVE-2022-26651", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26651", + "description": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:46:32Z", + "updated_at": "2022-12-28T06:46:32Z", + "pushed_at": "2022-12-28T06:46:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26704.json b/2022/CVE-2022-26704.json new file mode 100644 index 0000000000..85d38cf4f2 --- /dev/null +++ b/2022/CVE-2022-26704.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957825, + "name": "CVE-2022-26704", + "full_name": "Live-Hack-CVE\/CVE-2022-26704", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26704", + "description": "A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:52Z", + "updated_at": "2022-12-28T10:48:52Z", + "pushed_at": "2022-12-28T10:48:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26744.json b/2022/CVE-2022-26744.json new file mode 100644 index 0000000000..239c0190d9 --- /dev/null +++ b/2022/CVE-2022-26744.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924318, + "name": "CVE-2022-26744", + "full_name": "Live-Hack-CVE\/CVE-2022-26744", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26744", + "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:43Z", + "updated_at": "2022-12-28T08:48:43Z", + "pushed_at": "2022-12-28T08:48:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26845.json b/2022/CVE-2022-26845.json new file mode 100644 index 0000000000..00b306719a --- /dev/null +++ b/2022/CVE-2022-26845.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913106, + "name": "CVE-2022-26845", + "full_name": "Live-Hack-CVE\/CVE-2022-26845", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26845", + "description": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:53Z", + "updated_at": "2022-12-28T08:05:53Z", + "pushed_at": "2022-12-28T08:05:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26885.json b/2022/CVE-2022-26885.json deleted file mode 100644 index 4f4d9f8080..0000000000 --- a/2022/CVE-2022-26885.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841382, - "name": "CVE-2022-26885", - "full_name": "Live-Hack-CVE\/CVE-2022-26885", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-26885", - "description": "When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:13Z", - "updated_at": "2022-12-28T02:36:13Z", - "pushed_at": "2022-12-28T02:36:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2711.json b/2022/CVE-2022-2711.json new file mode 100644 index 0000000000..40c48f0375 --- /dev/null +++ b/2022/CVE-2022-2711.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969335, + "name": "CVE-2022-2711", + "full_name": "Live-Hack-CVE\/CVE-2022-2711", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2711", + "description": "The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:22Z", + "updated_at": "2022-12-28T11:31:22Z", + "pushed_at": "2022-12-28T11:31:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27187.json b/2022/CVE-2022-27187.json new file mode 100644 index 0000000000..5e4dc9d464 --- /dev/null +++ b/2022/CVE-2022-27187.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935458, + "name": "CVE-2022-27187", + "full_name": "Live-Hack-CVE\/CVE-2022-27187", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27187", + "description": "Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:04Z", + "updated_at": "2022-12-28T09:29:04Z", + "pushed_at": "2022-12-28T09:29:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27201.json b/2022/CVE-2022-27201.json deleted file mode 100644 index 057bacff21..0000000000 --- a/2022/CVE-2022-27201.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849672, - "name": "CVE-2022-27201", - "full_name": "Live-Hack-CVE\/CVE-2022-27201", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27201", - "description": "Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller\/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extracti CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:57Z", - "updated_at": "2022-12-28T03:18:57Z", - "pushed_at": "2022-12-28T03:18:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2721.json b/2022/CVE-2022-2721.json deleted file mode 100644 index afd242ec0e..0000000000 --- a/2022/CVE-2022-2721.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848592, - "name": "CVE-2022-2721", - "full_name": "Live-Hack-CVE\/CVE-2022-2721", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2721", - "description": "In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:20Z", - "updated_at": "2022-12-28T03:13:20Z", - "pushed_at": "2022-12-28T03:13:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-27233.json b/2022/CVE-2022-27233.json new file mode 100644 index 0000000000..a0757363dd --- /dev/null +++ b/2022/CVE-2022-27233.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935486, + "name": "CVE-2022-27233", + "full_name": "Live-Hack-CVE\/CVE-2022-27233", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27233", + "description": "XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:08Z", + "updated_at": "2022-12-28T09:29:08Z", + "pushed_at": "2022-12-28T09:29:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27380.json b/2022/CVE-2022-27380.json new file mode 100644 index 0000000000..3b5900988b --- /dev/null +++ b/2022/CVE-2022-27380.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980968, + "name": "CVE-2022-27380", + "full_name": "Live-Hack-CVE\/CVE-2022-27380", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27380", + "description": "An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:04Z", + "updated_at": "2022-12-28T12:13:04Z", + "pushed_at": "2022-12-28T12:13:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27497.json b/2022/CVE-2022-27497.json new file mode 100644 index 0000000000..29586cc3d5 --- /dev/null +++ b/2022/CVE-2022-27497.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913130, + "name": "CVE-2022-27497", + "full_name": "Live-Hack-CVE\/CVE-2022-27497", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27497", + "description": "Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:57Z", + "updated_at": "2022-12-28T08:05:57Z", + "pushed_at": "2022-12-28T08:05:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27499.json b/2022/CVE-2022-27499.json new file mode 100644 index 0000000000..7ac739a33d --- /dev/null +++ b/2022/CVE-2022-27499.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913092, + "name": "CVE-2022-27499", + "full_name": "Live-Hack-CVE\/CVE-2022-27499", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27499", + "description": "Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:49Z", + "updated_at": "2022-12-28T08:05:49Z", + "pushed_at": "2022-12-28T08:05:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27510.json b/2022/CVE-2022-27510.json new file mode 100644 index 0000000000..da8996d65a --- /dev/null +++ b/2022/CVE-2022-27510.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960270, + "name": "CVE-2022-27510", + "full_name": "Live-Hack-CVE\/CVE-2022-27510", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27510", + "description": "Unauthorized access to Gateway user capabilities CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:42Z", + "updated_at": "2022-12-28T10:57:42Z", + "pushed_at": "2022-12-28T10:57:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27513.json b/2022/CVE-2022-27513.json new file mode 100644 index 0000000000..d8347d6a0e --- /dev/null +++ b/2022/CVE-2022-27513.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960176, + "name": "CVE-2022-27513", + "full_name": "Live-Hack-CVE\/CVE-2022-27513", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27513", + "description": "Remote desktop takeover via phishing CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:20Z", + "updated_at": "2022-12-28T10:57:20Z", + "pushed_at": "2022-12-28T10:57:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27516.json b/2022/CVE-2022-27516.json new file mode 100644 index 0000000000..164ecadf9f --- /dev/null +++ b/2022/CVE-2022-27516.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969417, + "name": "CVE-2022-27516", + "full_name": "Live-Hack-CVE\/CVE-2022-27516", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27516", + "description": "User login brute force protection functionality bypass CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:39Z", + "updated_at": "2022-12-28T11:31:39Z", + "pushed_at": "2022-12-28T11:31:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27536.json b/2022/CVE-2022-27536.json new file mode 100644 index 0000000000..3d58147d14 --- /dev/null +++ b/2022/CVE-2022-27536.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968830, + "name": "CVE-2022-27536", + "full_name": "Live-Hack-CVE\/CVE-2022-27536", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27536", + "description": "Certificate.Verify in crypto\/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:36Z", + "updated_at": "2022-12-28T11:29:36Z", + "pushed_at": "2022-12-28T11:29:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2756.json b/2022/CVE-2022-2756.json new file mode 100644 index 0000000000..bab6f0063a --- /dev/null +++ b/2022/CVE-2022-2756.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945884, + "name": "CVE-2022-2756", + "full_name": "Live-Hack-CVE\/CVE-2022-2756", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2756", + "description": "Server-Side Request Forgery (SSRF) in GitHub repository kareadita\/kavita prior to 0.5.4.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:03Z", + "updated_at": "2022-12-28T10:06:03Z", + "pushed_at": "2022-12-28T10:06:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2758.json b/2022/CVE-2022-2758.json new file mode 100644 index 0000000000..5f64ad6f72 --- /dev/null +++ b/2022/CVE-2022-2758.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945735, + "name": "CVE-2022-2758", + "full_name": "Live-Hack-CVE\/CVE-2022-2758", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2758", + "description": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU\/H\/A\/S\/E prior to V3.50, all versions of XGI-CPUU\/UD\/H\/S\/E prior to V3.20, all versions of XGR-CPUH CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:35Z", + "updated_at": "2022-12-28T10:05:35Z", + "pushed_at": "2022-12-28T10:05:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2761.json b/2022/CVE-2022-2761.json new file mode 100644 index 0000000000..1dd0f342a8 --- /dev/null +++ b/2022/CVE-2022-2761.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948477, + "name": "CVE-2022-2761", + "full_name": "Live-Hack-CVE\/CVE-2022-2761", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2761", + "description": "An information disclosure issue in GitLab CE\/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:47Z", + "updated_at": "2022-12-28T10:14:47Z", + "pushed_at": "2022-12-28T10:14:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27631.json b/2022/CVE-2022-27631.json deleted file mode 100644 index e5420d2de5..0000000000 --- a/2022/CVE-2022-27631.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825235, - "name": "CVE-2022-27631", - "full_name": "Live-Hack-CVE\/CVE-2022-27631", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27631", - "description": "A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:09:18Z", - "updated_at": "2022-12-28T01:09:18Z", - "pushed_at": "2022-12-28T01:09:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-27638.json b/2022/CVE-2022-27638.json new file mode 100644 index 0000000000..2440f3b76a --- /dev/null +++ b/2022/CVE-2022-27638.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912859, + "name": "CVE-2022-27638", + "full_name": "Live-Hack-CVE\/CVE-2022-27638", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27638", + "description": "Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:00Z", + "updated_at": "2022-12-28T08:05:00Z", + "pushed_at": "2022-12-28T08:05:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27639.json b/2022/CVE-2022-27639.json new file mode 100644 index 0000000000..6c8a4abb23 --- /dev/null +++ b/2022/CVE-2022-27639.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924647, + "name": "CVE-2022-27639", + "full_name": "Live-Hack-CVE\/CVE-2022-27639", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27639", + "description": "Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:04Z", + "updated_at": "2022-12-28T08:50:04Z", + "pushed_at": "2022-12-28T08:50:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27650.json b/2022/CVE-2022-27650.json deleted file mode 100644 index b341d396cb..0000000000 --- a/2022/CVE-2022-27650.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857301, - "name": "CVE-2022-27650", - "full_name": "Live-Hack-CVE\/CVE-2022-27650", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27650", - "description": "A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:27Z", - "updated_at": "2022-12-28T03:59:27Z", - "pushed_at": "2022-12-28T03:59:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-27673.json b/2022/CVE-2022-27673.json new file mode 100644 index 0000000000..144196f5f9 --- /dev/null +++ b/2022/CVE-2022-27673.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913602, + "name": "CVE-2022-27673", + "full_name": "Live-Hack-CVE\/CVE-2022-27673", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27673", + "description": "Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:44Z", + "updated_at": "2022-12-28T08:07:44Z", + "pushed_at": "2022-12-28T08:07:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27674.json b/2022/CVE-2022-27674.json new file mode 100644 index 0000000000..3a6df8fac1 --- /dev/null +++ b/2022/CVE-2022-27674.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913611, + "name": "CVE-2022-27674", + "full_name": "Live-Hack-CVE\/CVE-2022-27674", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27674", + "description": "Insufficient validation in the IOCTL input\/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:48Z", + "updated_at": "2022-12-28T08:07:48Z", + "pushed_at": "2022-12-28T08:07:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2781.json b/2022/CVE-2022-2781.json new file mode 100644 index 0000000000..b8ab1158c9 --- /dev/null +++ b/2022/CVE-2022-2781.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959753, + "name": "CVE-2022-2781", + "full_name": "Live-Hack-CVE\/CVE-2022-2781", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2781", + "description": "In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:00Z", + "updated_at": "2022-12-28T10:56:00Z", + "pushed_at": "2022-12-28T10:56:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27812.json b/2022/CVE-2022-27812.json new file mode 100644 index 0000000000..c578a40d7f --- /dev/null +++ b/2022/CVE-2022-27812.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913564, + "name": "CVE-2022-27812", + "full_name": "Live-Hack-CVE\/CVE-2022-27812", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27812", + "description": "Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:37Z", + "updated_at": "2022-12-28T08:07:37Z", + "pushed_at": "2022-12-28T08:07:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2783.json b/2022/CVE-2022-2783.json new file mode 100644 index 0000000000..0fb035c618 --- /dev/null +++ b/2022/CVE-2022-2783.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980915, + "name": "CVE-2022-2783", + "full_name": "Live-Hack-CVE\/CVE-2022-2783", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2783", + "description": "In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:53Z", + "updated_at": "2022-12-28T12:12:53Z", + "pushed_at": "2022-12-28T12:12:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27855.json b/2022/CVE-2022-27855.json new file mode 100644 index 0000000000..7fb2874fe0 --- /dev/null +++ b/2022/CVE-2022-27855.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970700, + "name": "CVE-2022-27855", + "full_name": "Live-Hack-CVE\/CVE-2022-27855", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27855", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:16Z", + "updated_at": "2022-12-28T11:36:16Z", + "pushed_at": "2022-12-28T11:36:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27858.json b/2022/CVE-2022-27858.json new file mode 100644 index 0000000000..2845ce63fd --- /dev/null +++ b/2022/CVE-2022-27858.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970719, + "name": "CVE-2022-27858", + "full_name": "Live-Hack-CVE\/CVE-2022-27858", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27858", + "description": "CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:20Z", + "updated_at": "2022-12-28T11:36:20Z", + "pushed_at": "2022-12-28T11:36:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2787.json b/2022/CVE-2022-2787.json new file mode 100644 index 0000000000..10003c25ce --- /dev/null +++ b/2022/CVE-2022-2787.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914684, + "name": "CVE-2022-2787", + "full_name": "Live-Hack-CVE\/CVE-2022-2787", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2787", + "description": "Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:11:48Z", + "updated_at": "2022-12-28T08:11:48Z", + "pushed_at": "2022-12-28T08:11:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27874.json b/2022/CVE-2022-27874.json new file mode 100644 index 0000000000..84f05dc8c6 --- /dev/null +++ b/2022/CVE-2022-27874.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924616, + "name": "CVE-2022-27874", + "full_name": "Live-Hack-CVE\/CVE-2022-27874", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27874", + "description": "Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:57Z", + "updated_at": "2022-12-28T08:49:57Z", + "pushed_at": "2022-12-28T08:49:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27893.json b/2022/CVE-2022-27893.json new file mode 100644 index 0000000000..1e9e548f14 --- /dev/null +++ b/2022/CVE-2022-27893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946938, + "name": "CVE-2022-27893", + "full_name": "Live-Hack-CVE\/CVE-2022-27893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27893", + "description": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:36Z", + "updated_at": "2022-12-28T10:09:36Z", + "pushed_at": "2022-12-28T10:09:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27895.json b/2022/CVE-2022-27895.json new file mode 100644 index 0000000000..4a1109541a --- /dev/null +++ b/2022/CVE-2022-27895.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902045, + "name": "CVE-2022-27895", + "full_name": "Live-Hack-CVE\/CVE-2022-27895", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27895", + "description": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:13Z", + "updated_at": "2022-12-28T07:22:13Z", + "pushed_at": "2022-12-28T07:22:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27896.json b/2022/CVE-2022-27896.json new file mode 100644 index 0000000000..bc65aa54d4 --- /dev/null +++ b/2022/CVE-2022-27896.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902364, + "name": "CVE-2022-27896", + "full_name": "Live-Hack-CVE\/CVE-2022-27896", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27896", + "description": "Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks ve CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:31Z", + "updated_at": "2022-12-28T07:23:31Z", + "pushed_at": "2022-12-28T07:23:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2791.json b/2022/CVE-2022-2791.json deleted file mode 100644 index 5acc8ff19d..0000000000 --- a/2022/CVE-2022-2791.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863809, - "name": "CVE-2022-2791", - "full_name": "Live-Hack-CVE\/CVE-2022-2791", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2791", - "description": "Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:45Z", - "updated_at": "2022-12-28T04:33:45Z", - "pushed_at": "2022-12-28T04:33:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-27914.json b/2022/CVE-2022-27914.json new file mode 100644 index 0000000000..57ab228bcf --- /dev/null +++ b/2022/CVE-2022-27914.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970731, + "name": "CVE-2022-27914", + "full_name": "Live-Hack-CVE\/CVE-2022-27914", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27914", + "description": "An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:23Z", + "updated_at": "2022-12-28T11:36:23Z", + "pushed_at": "2022-12-28T11:36:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-27949.json b/2022/CVE-2022-27949.json new file mode 100644 index 0000000000..2155d9fad9 --- /dev/null +++ b/2022/CVE-2022-27949.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923794, + "name": "CVE-2022-27949", + "full_name": "Live-Hack-CVE\/CVE-2022-27949", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-27949", + "description": "A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:47Z", + "updated_at": "2022-12-28T08:46:47Z", + "pushed_at": "2022-12-28T08:46:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2807.json b/2022/CVE-2022-2807.json deleted file mode 100644 index 6ff39710ca..0000000000 --- a/2022/CVE-2022-2807.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811942, - "name": "CVE-2022-2807", - "full_name": "Live-Hack-CVE\/CVE-2022-2807", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2807", - "description": "Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:33Z", - "updated_at": "2022-12-27T23:51:33Z", - "pushed_at": "2022-12-27T23:51:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2808.json b/2022/CVE-2022-2808.json deleted file mode 100644 index bda4af5019..0000000000 --- a/2022/CVE-2022-2808.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811961, - "name": "CVE-2022-2808", - "full_name": "Live-Hack-CVE\/CVE-2022-2808", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2808", - "description": "Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:40Z", - "updated_at": "2022-12-27T23:51:40Z", - "pushed_at": "2022-12-27T23:51:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28126.json b/2022/CVE-2022-28126.json new file mode 100644 index 0000000000..312774c324 --- /dev/null +++ b/2022/CVE-2022-28126.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924568, + "name": "CVE-2022-28126", + "full_name": "Live-Hack-CVE\/CVE-2022-28126", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28126", + "description": "Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:46Z", + "updated_at": "2022-12-28T08:49:46Z", + "pushed_at": "2022-12-28T08:49:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28347.json b/2022/CVE-2022-28347.json new file mode 100644 index 0000000000..1b557d9016 --- /dev/null +++ b/2022/CVE-2022-28347.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983577, + "name": "CVE-2022-28347", + "full_name": "Live-Hack-CVE\/CVE-2022-28347", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28347", + "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:21:59Z", + "updated_at": "2022-12-28T12:21:59Z", + "pushed_at": "2022-12-28T12:22:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28389.json b/2022/CVE-2022-28389.json deleted file mode 100644 index 8d7b490b0f..0000000000 --- a/2022/CVE-2022-28389.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848374, - "name": "CVE-2022-28389", - "full_name": "Live-Hack-CVE\/CVE-2022-28389", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28389", - "description": "mcba_usb_start_xmit in drivers\/net\/can\/usb\/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:21Z", - "updated_at": "2022-12-28T03:12:51Z", - "pushed_at": "2022-12-28T03:12:23Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2840.json b/2022/CVE-2022-2840.json deleted file mode 100644 index 91e808f8a5..0000000000 --- a/2022/CVE-2022-2840.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819025, - "name": "CVE-2022-2840", - "full_name": "Live-Hack-CVE\/CVE-2022-2840", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2840", - "description": "The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:06Z", - "updated_at": "2022-12-28T00:32:06Z", - "pushed_at": "2022-12-28T00:32:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28607.json b/2022/CVE-2022-28607.json deleted file mode 100644 index 922da01ef9..0000000000 --- a/2022/CVE-2022-28607.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812209, - "name": "CVE-2022-28607", - "full_name": "Live-Hack-CVE\/CVE-2022-28607", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28607", - "description": "An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to \/system\/user\/modules\/mod_users\/controller.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:05Z", - "updated_at": "2022-12-27T23:53:05Z", - "pushed_at": "2022-12-27T23:53:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28611.json b/2022/CVE-2022-28611.json new file mode 100644 index 0000000000..5ebdd2cb05 --- /dev/null +++ b/2022/CVE-2022-28611.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924378, + "name": "CVE-2022-28611", + "full_name": "Live-Hack-CVE\/CVE-2022-28611", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28611", + "description": "Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:57Z", + "updated_at": "2022-12-28T08:48:57Z", + "pushed_at": "2022-12-28T08:48:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2863.json b/2022/CVE-2022-2863.json new file mode 100644 index 0000000000..9330552c5d --- /dev/null +++ b/2022/CVE-2022-2863.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959788, + "name": "CVE-2022-2863", + "full_name": "Live-Hack-CVE\/CVE-2022-2863", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2863", + "description": "The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:56:08Z", + "updated_at": "2022-12-28T10:56:08Z", + "pushed_at": "2022-12-28T10:56:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28667.json b/2022/CVE-2022-28667.json new file mode 100644 index 0000000000..057c5cd957 --- /dev/null +++ b/2022/CVE-2022-28667.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912822, + "name": "CVE-2022-28667", + "full_name": "Live-Hack-CVE\/CVE-2022-28667", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28667", + "description": "Out-of-bounds write for some Intel(R) PROSet\/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:53Z", + "updated_at": "2022-12-28T08:04:53Z", + "pushed_at": "2022-12-28T08:04:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2867.json b/2022/CVE-2022-2867.json deleted file mode 100644 index 59305b5f1d..0000000000 --- a/2022/CVE-2022-2867.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849325, - "name": "CVE-2022-2867", - "full_name": "Live-Hack-CVE\/CVE-2022-2867", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2867", - "description": "libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:10Z", - "updated_at": "2022-12-28T03:17:10Z", - "pushed_at": "2022-12-28T03:17:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2868.json b/2022/CVE-2022-2868.json deleted file mode 100644 index 5920521717..0000000000 --- a/2022/CVE-2022-2868.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849360, - "name": "CVE-2022-2868", - "full_name": "Live-Hack-CVE\/CVE-2022-2868", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2868", - "description": "libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:18Z", - "updated_at": "2022-12-28T03:17:18Z", - "pushed_at": "2022-12-28T03:17:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28689.json b/2022/CVE-2022-28689.json new file mode 100644 index 0000000000..e0f66f7990 --- /dev/null +++ b/2022/CVE-2022-28689.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957984, + "name": "CVE-2022-28689", + "full_name": "Live-Hack-CVE\/CVE-2022-28689", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28689", + "description": "A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:29Z", + "updated_at": "2022-12-28T10:49:29Z", + "pushed_at": "2022-12-28T10:49:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2869.json b/2022/CVE-2022-2869.json deleted file mode 100644 index 680214083f..0000000000 --- a/2022/CVE-2022-2869.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857069, - "name": "CVE-2022-2869", - "full_name": "Live-Hack-CVE\/CVE-2022-2869", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2869", - "description": "libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:08Z", - "updated_at": "2022-12-28T03:58:08Z", - "pushed_at": "2022-12-28T03:58:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28738.json b/2022/CVE-2022-28738.json deleted file mode 100644 index c675c5d939..0000000000 --- a/2022/CVE-2022-28738.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849020, - "name": "CVE-2022-28738", - "full_name": "Live-Hack-CVE\/CVE-2022-28738", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28738", - "description": "A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:39Z", - "updated_at": "2022-12-28T03:15:39Z", - "pushed_at": "2022-12-28T03:15:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28739.json b/2022/CVE-2022-28739.json new file mode 100644 index 0000000000..cc087bface --- /dev/null +++ b/2022/CVE-2022-28739.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980938, + "name": "CVE-2022-28739", + "full_name": "Live-Hack-CVE\/CVE-2022-28739", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28739", + "description": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:57Z", + "updated_at": "2022-12-28T12:12:57Z", + "pushed_at": "2022-12-28T12:12:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28764.json b/2022/CVE-2022-28764.json new file mode 100644 index 0000000000..9babd5ed40 --- /dev/null +++ b/2022/CVE-2022-28764.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902378, + "name": "CVE-2022-28764", + "full_name": "Live-Hack-CVE\/CVE-2022-28764", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28764", + "description": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:35Z", + "updated_at": "2022-12-28T07:23:35Z", + "pushed_at": "2022-12-28T07:23:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28766.json b/2022/CVE-2022-28766.json deleted file mode 100644 index 86320bd9e8..0000000000 --- a/2022/CVE-2022-28766.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872729, - "name": "CVE-2022-28766", - "full_name": "Live-Hack-CVE\/CVE-2022-28766", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28766", - "description": "Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:00Z", - "updated_at": "2022-12-28T05:19:00Z", - "pushed_at": "2022-12-28T05:19:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28768.json b/2022/CVE-2022-28768.json deleted file mode 100644 index 6c7fdcdb7f..0000000000 --- a/2022/CVE-2022-28768.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872686, - "name": "CVE-2022-28768", - "full_name": "Live-Hack-CVE\/CVE-2022-28768", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28768", - "description": "The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:46Z", - "updated_at": "2022-12-28T05:18:46Z", - "pushed_at": "2022-12-28T05:18:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-28805.json b/2022/CVE-2022-28805.json deleted file mode 100644 index 03d0c0b2eb..0000000000 --- a/2022/CVE-2022-28805.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841467, - "name": "CVE-2022-28805", - "full_name": "Live-Hack-CVE\/CVE-2022-28805", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28805", - "description": "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:41Z", - "updated_at": "2022-12-28T02:36:41Z", - "pushed_at": "2022-12-28T02:36:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2881.json b/2022/CVE-2022-2881.json new file mode 100644 index 0000000000..982ff828ee --- /dev/null +++ b/2022/CVE-2022-2881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914654, + "name": "CVE-2022-2881", + "full_name": "Live-Hack-CVE\/CVE-2022-2881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2881", + "description": "The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:11:41Z", + "updated_at": "2022-12-28T08:11:41Z", + "pushed_at": "2022-12-28T08:11:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-28892.json b/2022/CVE-2022-28892.json new file mode 100644 index 0000000000..84e5323d75 --- /dev/null +++ b/2022/CVE-2022-28892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913261, + "name": "CVE-2022-28892", + "full_name": "Live-Hack-CVE\/CVE-2022-28892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-28892", + "description": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:23Z", + "updated_at": "2022-12-28T08:06:23Z", + "pushed_at": "2022-12-28T08:06:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2906.json b/2022/CVE-2022-2906.json deleted file mode 100644 index c14320f83f..0000000000 --- a/2022/CVE-2022-2906.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819496, - "name": "CVE-2022-2906", - "full_name": "Live-Hack-CVE\/CVE-2022-2906", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2906", - "description": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:52Z", - "updated_at": "2022-12-28T00:34:52Z", - "pushed_at": "2022-12-28T00:34:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29078.json b/2022/CVE-2022-29078.json new file mode 100644 index 0000000000..0f61eb9e6f --- /dev/null +++ b/2022/CVE-2022-29078.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968845, + "name": "CVE-2022-29078", + "full_name": "Live-Hack-CVE\/CVE-2022-29078", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29078", + "description": "The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:29:39Z", + "updated_at": "2022-12-28T11:29:39Z", + "pushed_at": "2022-12-28T11:29:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29218.json b/2022/CVE-2022-29218.json deleted file mode 100644 index e572c97610..0000000000 --- a/2022/CVE-2022-29218.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824569, - "name": "CVE-2022-29218", - "full_name": "Live-Hack-CVE\/CVE-2022-29218", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29218", - "description": "RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:05:25Z", - "updated_at": "2022-12-28T01:05:25Z", - "pushed_at": "2022-12-28T01:05:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29248.json b/2022/CVE-2022-29248.json deleted file mode 100644 index 30f08ef31b..0000000000 --- a/2022/CVE-2022-29248.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819127, - "name": "CVE-2022-29248", - "full_name": "Live-Hack-CVE\/CVE-2022-29248", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29248", - "description": "Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unre CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:44Z", - "updated_at": "2022-12-28T00:32:44Z", - "pushed_at": "2022-12-28T00:32:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29275.json b/2022/CVE-2022-29275.json deleted file mode 100644 index 383a54ce1a..0000000000 --- a/2022/CVE-2022-29275.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865376, - "name": "CVE-2022-29275", - "full_name": "Live-Hack-CVE\/CVE-2022-29275", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29275", - "description": "In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:48Z", - "updated_at": "2022-12-28T04:41:48Z", - "pushed_at": "2022-12-28T04:41:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29276.json b/2022/CVE-2022-29276.json deleted file mode 100644 index 35b7d50807..0000000000 --- a/2022/CVE-2022-29276.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849577, - "name": "CVE-2022-29276", - "full_name": "Live-Hack-CVE\/CVE-2022-29276", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29276", - "description": "SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:31Z", - "updated_at": "2022-12-28T03:18:31Z", - "pushed_at": "2022-12-28T03:18:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29277.json b/2022/CVE-2022-29277.json deleted file mode 100644 index 8bac12900e..0000000000 --- a/2022/CVE-2022-29277.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872416, - "name": "CVE-2022-29277", - "full_name": "Live-Hack-CVE\/CVE-2022-29277", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29277", - "description": "Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.00 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:31Z", - "updated_at": "2022-12-28T05:17:31Z", - "pushed_at": "2022-12-28T05:17:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29278.json b/2022/CVE-2022-29278.json deleted file mode 100644 index 97a6701eab..0000000000 --- a/2022/CVE-2022-29278.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849588, - "name": "CVE-2022-29278", - "full_name": "Live-Hack-CVE\/CVE-2022-29278", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29278", - "description": "Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Vers CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:35Z", - "updated_at": "2022-12-28T03:18:35Z", - "pushed_at": "2022-12-28T03:18:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29279.json b/2022/CVE-2022-29279.json deleted file mode 100644 index de26053906..0000000000 --- a/2022/CVE-2022-29279.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865164, - "name": "CVE-2022-29279", - "full_name": "Live-Hack-CVE\/CVE-2022-29279", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29279", - "description": "Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:43Z", - "updated_at": "2022-12-28T04:40:43Z", - "pushed_at": "2022-12-28T04:40:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2928.json b/2022/CVE-2022-2928.json deleted file mode 100644 index d92d7c1d10..0000000000 --- a/2022/CVE-2022-2928.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857183, - "name": "CVE-2022-2928", - "full_name": "Live-Hack-CVE\/CVE-2022-2928", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2928", - "description": "In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:46Z", - "updated_at": "2022-12-28T03:58:46Z", - "pushed_at": "2022-12-28T03:58:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29281.json b/2022/CVE-2022-29281.json deleted file mode 100644 index 52ba442194..0000000000 --- a/2022/CVE-2022-29281.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824845, - "name": "CVE-2022-29281", - "full_name": "Live-Hack-CVE\/CVE-2022-29281", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29281", - "description": "Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:59Z", - "updated_at": "2022-12-28T01:06:59Z", - "pushed_at": "2022-12-28T01:07:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29458.json b/2022/CVE-2022-29458.json new file mode 100644 index 0000000000..b41aec4d7a --- /dev/null +++ b/2022/CVE-2022-29458.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980725, + "name": "CVE-2022-29458", + "full_name": "Live-Hack-CVE\/CVE-2022-29458", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29458", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo\/read_entry.c in the terminfo library. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:10Z", + "updated_at": "2022-12-28T12:12:11Z", + "pushed_at": "2022-12-28T12:12:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29466.json b/2022/CVE-2022-29466.json new file mode 100644 index 0000000000..5e814a4046 --- /dev/null +++ b/2022/CVE-2022-29466.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912804, + "name": "CVE-2022-29466", + "full_name": "Live-Hack-CVE\/CVE-2022-29466", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29466", + "description": "Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:50Z", + "updated_at": "2022-12-28T08:04:50Z", + "pushed_at": "2022-12-28T08:04:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29481.json b/2022/CVE-2022-29481.json new file mode 100644 index 0000000000..a257d07e23 --- /dev/null +++ b/2022/CVE-2022-29481.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957998, + "name": "CVE-2022-29481", + "full_name": "Live-Hack-CVE\/CVE-2022-29481", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29481", + "description": "A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:32Z", + "updated_at": "2022-12-28T10:49:32Z", + "pushed_at": "2022-12-28T10:49:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29486.json b/2022/CVE-2022-29486.json new file mode 100644 index 0000000000..3687374008 --- /dev/null +++ b/2022/CVE-2022-29486.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912356, + "name": "CVE-2022-29486", + "full_name": "Live-Hack-CVE\/CVE-2022-29486", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29486", + "description": "Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04\/29\/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:06Z", + "updated_at": "2022-12-28T08:03:06Z", + "pushed_at": "2022-12-28T08:03:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29515.json b/2022/CVE-2022-29515.json new file mode 100644 index 0000000000..d47cf2d6bd --- /dev/null +++ b/2022/CVE-2022-29515.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912324, + "name": "CVE-2022-29515", + "full_name": "Live-Hack-CVE\/CVE-2022-29515", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29515", + "description": "Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:58Z", + "updated_at": "2022-12-28T08:02:58Z", + "pushed_at": "2022-12-28T08:03:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29548.json b/2022/CVE-2022-29548.json index 8dbf59f303..3726b270be 100644 --- a/2022/CVE-2022-29548.json +++ b/2022/CVE-2022-29548.json @@ -27,34 +27,5 @@ "forks": 2, "watchers": 6, "score": 0 - }, - { - "id": 582824819, - "name": "CVE-2022-29548", - "full_name": "Live-Hack-CVE\/CVE-2022-29548", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29548", - "description": "A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:52Z", - "updated_at": "2022-12-28T01:06:52Z", - "pushed_at": "2022-12-28T01:06:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-29620.json b/2022/CVE-2022-29620.json new file mode 100644 index 0000000000..236e426d84 --- /dev/null +++ b/2022/CVE-2022-29620.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969701, + "name": "CVE-2022-29620", + "full_name": "Live-Hack-CVE\/CVE-2022-29620", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29620", + "description": "** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:49Z", + "updated_at": "2022-12-28T11:32:49Z", + "pushed_at": "2022-12-28T11:32:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-2975.json b/2022/CVE-2022-2975.json deleted file mode 100644 index 1a91c41f95..0000000000 --- a/2022/CVE-2022-2975.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825169, - "name": "CVE-2022-2975", - "full_name": "Live-Hack-CVE\/CVE-2022-2975", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2975", - "description": "A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:08:54Z", - "updated_at": "2022-12-28T01:08:54Z", - "pushed_at": "2022-12-28T01:08:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29824.json b/2022/CVE-2022-29824.json new file mode 100644 index 0000000000..17c3294fc3 --- /dev/null +++ b/2022/CVE-2022-29824.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946270, + "name": "CVE-2022-29824", + "full_name": "Live-Hack-CVE\/CVE-2022-29824", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29824", + "description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for exampl CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:22Z", + "updated_at": "2022-12-28T10:07:22Z", + "pushed_at": "2022-12-28T10:07:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29825.json b/2022/CVE-2022-29825.json deleted file mode 100644 index 2152bd5238..0000000000 --- a/2022/CVE-2022-29825.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856351, - "name": "CVE-2022-29825", - "full_name": "Live-Hack-CVE\/CVE-2022-29825", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29825", - "description": "Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:17Z", - "updated_at": "2022-12-28T03:54:17Z", - "pushed_at": "2022-12-28T03:54:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29826.json b/2022/CVE-2022-29826.json deleted file mode 100644 index 970b1943d3..0000000000 --- a/2022/CVE-2022-29826.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856365, - "name": "CVE-2022-29826", - "full_name": "Live-Hack-CVE\/CVE-2022-29826", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29826", - "description": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:20Z", - "updated_at": "2022-12-28T03:54:20Z", - "pushed_at": "2022-12-28T03:54:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29827.json b/2022/CVE-2022-29827.json deleted file mode 100644 index ad75b0f080..0000000000 --- a/2022/CVE-2022-29827.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856483, - "name": "CVE-2022-29827", - "full_name": "Live-Hack-CVE\/CVE-2022-29827", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29827", - "description": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:01Z", - "updated_at": "2022-12-28T03:55:01Z", - "pushed_at": "2022-12-28T03:55:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29828.json b/2022/CVE-2022-29828.json deleted file mode 100644 index 91f6de8d1e..0000000000 --- a/2022/CVE-2022-29828.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856376, - "name": "CVE-2022-29828", - "full_name": "Live-Hack-CVE\/CVE-2022-29828", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29828", - "description": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:27Z", - "updated_at": "2022-12-28T03:54:27Z", - "pushed_at": "2022-12-28T03:54:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29829.json b/2022/CVE-2022-29829.json deleted file mode 100644 index c78359f602..0000000000 --- a/2022/CVE-2022-29829.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856383, - "name": "CVE-2022-29829", - "full_name": "Live-Hack-CVE\/CVE-2022-29829", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29829", - "description": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information . As a result, unauthorized users may view or execute programs illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:30Z", - "updated_at": "2022-12-28T03:54:30Z", - "pushed_at": "2022-12-28T03:54:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2983.json b/2022/CVE-2022-2983.json deleted file mode 100644 index 1213963ccb..0000000000 --- a/2022/CVE-2022-2983.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848322, - "name": "CVE-2022-2983", - "full_name": "Live-Hack-CVE\/CVE-2022-2983", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2983", - "description": "The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:03Z", - "updated_at": "2022-12-28T03:12:03Z", - "pushed_at": "2022-12-28T03:12:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29830.json b/2022/CVE-2022-29830.json deleted file mode 100644 index 988e8d95f3..0000000000 --- a/2022/CVE-2022-29830.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856371, - "name": "CVE-2022-29830", - "full_name": "Live-Hack-CVE\/CVE-2022-29830", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29830", - "description": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:23Z", - "updated_at": "2022-12-28T03:54:23Z", - "pushed_at": "2022-12-28T03:54:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29831.json b/2022/CVE-2022-29831.json deleted file mode 100644 index 9d496752fe..0000000000 --- a/2022/CVE-2022-29831.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856391, - "name": "CVE-2022-29831", - "full_name": "Live-Hack-CVE\/CVE-2022-29831", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29831", - "description": "Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:33Z", - "updated_at": "2022-12-28T03:54:33Z", - "pushed_at": "2022-12-28T03:54:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29832.json b/2022/CVE-2022-29832.json deleted file mode 100644 index 8878737110..0000000000 --- a/2022/CVE-2022-29832.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856414, - "name": "CVE-2022-29832", - "full_name": "Live-Hack-CVE\/CVE-2022-29832", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29832", - "description": "Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:43Z", - "updated_at": "2022-12-28T03:54:43Z", - "pushed_at": "2022-12-28T03:54:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29833.json b/2022/CVE-2022-29833.json deleted file mode 100644 index 75380b08ae..0000000000 --- a/2022/CVE-2022-29833.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856425, - "name": "CVE-2022-29833", - "full_name": "Live-Hack-CVE\/CVE-2022-29833", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29833", - "description": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illgally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:47Z", - "updated_at": "2022-12-28T03:54:47Z", - "pushed_at": "2022-12-28T03:54:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-2986.json b/2022/CVE-2022-2986.json new file mode 100644 index 0000000000..fbf84f0806 --- /dev/null +++ b/2022/CVE-2022-2986.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959556, + "name": "CVE-2022-2986", + "full_name": "Live-Hack-CVE\/CVE-2022-2986", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-2986", + "description": "Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:20Z", + "updated_at": "2022-12-28T10:55:20Z", + "pushed_at": "2022-12-28T10:55:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29885.json b/2022/CVE-2022-29885.json index 31fbde0877..c1d90ed571 100644 --- a/2022/CVE-2022-29885.json +++ b/2022/CVE-2022-29885.json @@ -27,5 +27,34 @@ "forks": 4, "watchers": 3, "score": 0 + }, + { + "id": 582980530, + "name": "CVE-2022-29885", + "full_name": "Live-Hack-CVE\/CVE-2022-29885", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29885", + "description": "The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integri CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:34Z", + "updated_at": "2022-12-28T12:11:34Z", + "pushed_at": "2022-12-28T12:11:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-29888.json b/2022/CVE-2022-29888.json new file mode 100644 index 0000000000..1b2ede2202 --- /dev/null +++ b/2022/CVE-2022-29888.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958160, + "name": "CVE-2022-29888", + "full_name": "Live-Hack-CVE\/CVE-2022-29888", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29888", + "description": "A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:08Z", + "updated_at": "2022-12-28T10:50:08Z", + "pushed_at": "2022-12-28T10:50:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29893.json b/2022/CVE-2022-29893.json new file mode 100644 index 0000000000..5859d8a570 --- /dev/null +++ b/2022/CVE-2022-29893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912310, + "name": "CVE-2022-29893", + "full_name": "Live-Hack-CVE\/CVE-2022-29893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29893", + "description": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:55Z", + "updated_at": "2022-12-28T08:02:55Z", + "pushed_at": "2022-12-28T08:02:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29930.json b/2022/CVE-2022-29930.json deleted file mode 100644 index 73f5d09afe..0000000000 --- a/2022/CVE-2022-29930.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582855996, - "name": "CVE-2022-29930", - "full_name": "Live-Hack-CVE\/CVE-2022-29930", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29930", - "description": "SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:52:15Z", - "updated_at": "2022-12-28T03:52:15Z", - "pushed_at": "2022-12-28T03:52:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-29959.json b/2022/CVE-2022-29959.json new file mode 100644 index 0000000000..c8b1550fb0 --- /dev/null +++ b/2022/CVE-2022-29959.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971129, + "name": "CVE-2022-29959", + "full_name": "Live-Hack-CVE\/CVE-2022-29959", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29959", + "description": "Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:42Z", + "updated_at": "2022-12-28T11:37:42Z", + "pushed_at": "2022-12-28T11:37:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29970.json b/2022/CVE-2022-29970.json new file mode 100644 index 0000000000..6db651d5e5 --- /dev/null +++ b/2022/CVE-2022-29970.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924339, + "name": "CVE-2022-29970", + "full_name": "Live-Hack-CVE\/CVE-2022-29970", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-29970", + "description": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:46Z", + "updated_at": "2022-12-28T08:48:46Z", + "pushed_at": "2022-12-28T08:48:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3002.json b/2022/CVE-2022-3002.json new file mode 100644 index 0000000000..29cd4ae6cf --- /dev/null +++ b/2022/CVE-2022-3002.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959636, + "name": "CVE-2022-3002", + "full_name": "Live-Hack-CVE\/CVE-2022-3002", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3002", + "description": "Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany\/yetiforcecrm prior to 6.4.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:39Z", + "updated_at": "2022-12-28T10:55:39Z", + "pushed_at": "2022-12-28T10:55:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30256.json b/2022/CVE-2022-30256.json deleted file mode 100644 index 280c41a0e8..0000000000 --- a/2022/CVE-2022-30256.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857368, - "name": "CVE-2022-30256", - "full_name": "Live-Hack-CVE\/CVE-2022-30256", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30256", - "description": "An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:50Z", - "updated_at": "2022-12-28T03:59:50Z", - "pushed_at": "2022-12-28T03:59:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30257.json b/2022/CVE-2022-30257.json deleted file mode 100644 index a5ae353bbf..0000000000 --- a/2022/CVE-2022-30257.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857273, - "name": "CVE-2022-30257", - "full_name": "Live-Hack-CVE\/CVE-2022-30257", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30257", - "description": "An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, becau CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:17Z", - "updated_at": "2022-12-28T03:59:17Z", - "pushed_at": "2022-12-28T03:59:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30258.json b/2022/CVE-2022-30258.json deleted file mode 100644 index d5f375d32d..0000000000 --- a/2022/CVE-2022-30258.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857285, - "name": "CVE-2022-30258", - "full_name": "Live-Hack-CVE\/CVE-2022-30258", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30258", - "description": "An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, becau CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:20Z", - "updated_at": "2022-12-28T03:59:20Z", - "pushed_at": "2022-12-28T03:59:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30283.json b/2022/CVE-2022-30283.json deleted file mode 100644 index 6db815920f..0000000000 --- a/2022/CVE-2022-30283.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865350, - "name": "CVE-2022-30283", - "full_name": "Live-Hack-CVE\/CVE-2022-30283", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30283", - "description": "In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of S CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:41Z", - "updated_at": "2022-12-28T04:41:41Z", - "pushed_at": "2022-12-28T04:41:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30297.json b/2022/CVE-2022-30297.json new file mode 100644 index 0000000000..fbed1ebc42 --- /dev/null +++ b/2022/CVE-2022-30297.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912388, + "name": "CVE-2022-30297", + "full_name": "Live-Hack-CVE\/CVE-2022-30297", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30297", + "description": "Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:13Z", + "updated_at": "2022-12-28T08:03:13Z", + "pushed_at": "2022-12-28T08:03:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30331.json b/2022/CVE-2022-30331.json new file mode 100644 index 0000000000..baeb847041 --- /dev/null +++ b/2022/CVE-2022-30331.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934238, + "name": "CVE-2022-30331", + "full_name": "Live-Hack-CVE\/CVE-2022-30331", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30331", + "description": "** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is \"GSQL was behaving as expected.\" CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:13Z", + "updated_at": "2022-12-28T09:25:13Z", + "pushed_at": "2022-12-28T09:25:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30459.json b/2022/CVE-2022-30459.json new file mode 100644 index 0000000000..18de82fbad --- /dev/null +++ b/2022/CVE-2022-30459.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912272, + "name": "CVE-2022-30459", + "full_name": "Live-Hack-CVE\/CVE-2022-30459", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30459", + "description": "ChatBot App with Suggestion in PHP\/OOP v1.0 is vulnerable to SQL Injection via \/simple_chat_bot\/classes\/Master.php?f=delete_response, id. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:47Z", + "updated_at": "2022-12-28T08:02:48Z", + "pushed_at": "2022-12-28T08:02:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30464.json b/2022/CVE-2022-30464.json new file mode 100644 index 0000000000..170da7de16 --- /dev/null +++ b/2022/CVE-2022-30464.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912254, + "name": "CVE-2022-30464", + "full_name": "Live-Hack-CVE\/CVE-2022-30464", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30464", + "description": "ChatBot App with Suggestion in PHP\/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via \/simple_chat_bot\/classes\/Master.php?f=save_response. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:44Z", + "updated_at": "2022-12-28T08:02:44Z", + "pushed_at": "2022-12-28T08:02:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30515.json b/2022/CVE-2022-30515.json new file mode 100644 index 0000000000..1a709f62fc --- /dev/null +++ b/2022/CVE-2022-30515.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970052, + "name": "CVE-2022-30515", + "full_name": "Live-Hack-CVE\/CVE-2022-30515", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30515", + "description": "ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:56Z", + "updated_at": "2022-12-28T11:33:56Z", + "pushed_at": "2022-12-28T11:33:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30528.json b/2022/CVE-2022-30528.json deleted file mode 100644 index f169b26b97..0000000000 --- a/2022/CVE-2022-30528.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812192, - "name": "CVE-2022-30528", - "full_name": "Live-Hack-CVE\/CVE-2022-30528", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30528", - "description": "SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to \/system\/user\/modules\/mod_users\/controller.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:57Z", - "updated_at": "2022-12-27T23:52:57Z", - "pushed_at": "2022-12-27T23:52:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30529.json b/2022/CVE-2022-30529.json deleted file mode 100644 index d474ae3652..0000000000 --- a/2022/CVE-2022-30529.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841532, - "name": "CVE-2022-30529", - "full_name": "Live-Hack-CVE\/CVE-2022-30529", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30529", - "description": "File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via \/system\/application\/libs\/js\/tinymce\/plugins\/filemanager\/dialog.php and \/system\/application\/libs\/js\/tinymce\/plugins\/filemanager\/upload.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:01Z", - "updated_at": "2022-12-28T02:37:01Z", - "pushed_at": "2022-12-28T02:37:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30542.json b/2022/CVE-2022-30542.json new file mode 100644 index 0000000000..ecbc4e8e5c --- /dev/null +++ b/2022/CVE-2022-30542.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912506, + "name": "CVE-2022-30542", + "full_name": "Live-Hack-CVE\/CVE-2022-30542", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30542", + "description": "Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:42Z", + "updated_at": "2022-12-28T08:03:42Z", + "pushed_at": "2022-12-28T08:03:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30543.json b/2022/CVE-2022-30543.json new file mode 100644 index 0000000000..1dcd7ce9fc --- /dev/null +++ b/2022/CVE-2022-30543.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969064, + "name": "CVE-2022-30543", + "full_name": "Live-Hack-CVE\/CVE-2022-30543", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30543", + "description": "A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:26Z", + "updated_at": "2022-12-28T11:30:26Z", + "pushed_at": "2022-12-28T11:30:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30545.json b/2022/CVE-2022-30545.json new file mode 100644 index 0000000000..92f8612f98 --- /dev/null +++ b/2022/CVE-2022-30545.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970750, + "name": "CVE-2022-30545", + "full_name": "Live-Hack-CVE\/CVE-2022-30545", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30545", + "description": "Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:27Z", + "updated_at": "2022-12-28T11:36:27Z", + "pushed_at": "2022-12-28T11:36:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30548.json b/2022/CVE-2022-30548.json new file mode 100644 index 0000000000..92b44a4e1b --- /dev/null +++ b/2022/CVE-2022-30548.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912524, + "name": "CVE-2022-30548", + "full_name": "Live-Hack-CVE\/CVE-2022-30548", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30548", + "description": "Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:45Z", + "updated_at": "2022-12-28T08:03:45Z", + "pushed_at": "2022-12-28T08:03:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30674.json b/2022/CVE-2022-30674.json new file mode 100644 index 0000000000..0626a32a18 --- /dev/null +++ b/2022/CVE-2022-30674.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947292, + "name": "CVE-2022-30674", + "full_name": "Live-Hack-CVE\/CVE-2022-30674", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30674", + "description": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:45Z", + "updated_at": "2022-12-28T10:10:45Z", + "pushed_at": "2022-12-28T10:10:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30691.json b/2022/CVE-2022-30691.json new file mode 100644 index 0000000000..5dd827d3f9 --- /dev/null +++ b/2022/CVE-2022-30691.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912553, + "name": "CVE-2022-30691", + "full_name": "Live-Hack-CVE\/CVE-2022-30691", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30691", + "description": "Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:52Z", + "updated_at": "2022-12-28T08:03:52Z", + "pushed_at": "2022-12-28T08:03:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30768.json b/2022/CVE-2022-30768.json new file mode 100644 index 0000000000..605112f985 --- /dev/null +++ b/2022/CVE-2022-30768.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901768, + "name": "CVE-2022-30768", + "full_name": "Live-Hack-CVE\/CVE-2022-30768", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30768", + "description": "A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a differ CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:14Z", + "updated_at": "2022-12-28T07:21:14Z", + "pushed_at": "2022-12-28T07:21:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30769.json b/2022/CVE-2022-30769.json new file mode 100644 index 0000000000..241f8dc944 --- /dev/null +++ b/2022/CVE-2022-30769.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913183, + "name": "CVE-2022-30769", + "full_name": "Live-Hack-CVE\/CVE-2022-30769", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30769", + "description": "Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:08Z", + "updated_at": "2022-12-28T08:06:08Z", + "pushed_at": "2022-12-28T08:06:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30771.json b/2022/CVE-2022-30771.json deleted file mode 100644 index 9d6991931b..0000000000 --- a/2022/CVE-2022-30771.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865199, - "name": "CVE-2022-30771", - "full_name": "Live-Hack-CVE\/CVE-2022-30771", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30771", - "description": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:53Z", - "updated_at": "2022-12-28T04:40:53Z", - "pushed_at": "2022-12-28T04:40:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30772.json b/2022/CVE-2022-30772.json deleted file mode 100644 index 04bc679409..0000000000 --- a/2022/CVE-2022-30772.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865180, - "name": "CVE-2022-30772", - "full_name": "Live-Hack-CVE\/CVE-2022-30772", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30772", - "description": "Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel me CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:46Z", - "updated_at": "2022-12-28T04:40:46Z", - "pushed_at": "2022-12-28T04:40:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30773.json b/2022/CVE-2022-30773.json new file mode 100644 index 0000000000..9729b10ced --- /dev/null +++ b/2022/CVE-2022-30773.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893633, + "name": "CVE-2022-30773", + "full_name": "Live-Hack-CVE\/CVE-2022-30773", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30773", + "description": "DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:05Z", + "updated_at": "2022-12-28T06:48:05Z", + "pushed_at": "2022-12-28T06:48:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30774.json b/2022/CVE-2022-30774.json new file mode 100644 index 0000000000..f1edda38d6 --- /dev/null +++ b/2022/CVE-2022-30774.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893578, + "name": "CVE-2022-30774", + "full_name": "Live-Hack-CVE\/CVE-2022-30774", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30774", + "description": "DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:54Z", + "updated_at": "2022-12-28T06:47:54Z", + "pushed_at": "2022-12-28T06:47:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30781.json b/2022/CVE-2022-30781.json index 0fd2ed029b..23d2a5aee6 100644 --- a/2022/CVE-2022-30781.json +++ b/2022/CVE-2022-30781.json @@ -32,5 +32,34 @@ "forks": 14, "watchers": 79, "score": 0 + }, + { + "id": 582912494, + "name": "CVE-2022-30781", + "full_name": "Live-Hack-CVE\/CVE-2022-30781", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30781", + "description": "Gitea before 1.16.7 does not escape git fetch remote. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:38Z", + "updated_at": "2022-12-28T08:03:38Z", + "pushed_at": "2022-12-28T08:03:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-3080.json b/2022/CVE-2022-3080.json deleted file mode 100644 index ab574ad969..0000000000 --- a/2022/CVE-2022-3080.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819507, - "name": "CVE-2022-3080", - "full_name": "Live-Hack-CVE\/CVE-2022-3080", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3080", - "description": "By sending specific queries to the resolver, an attacker can cause named to crash. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:55Z", - "updated_at": "2022-12-28T00:34:55Z", - "pushed_at": "2022-12-28T00:34:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30875.json b/2022/CVE-2022-30875.json new file mode 100644 index 0000000000..ce2ff7d5e7 --- /dev/null +++ b/2022/CVE-2022-30875.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903415, + "name": "CVE-2022-30875", + "full_name": "Live-Hack-CVE\/CVE-2022-30875", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30875", + "description": "Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:46Z", + "updated_at": "2022-12-28T07:27:46Z", + "pushed_at": "2022-12-28T07:27:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3090.json b/2022/CVE-2022-3090.json deleted file mode 100644 index c1b7e6fa54..0000000000 --- a/2022/CVE-2022-3090.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872407, - "name": "CVE-2022-3090", - "full_name": "Live-Hack-CVE\/CVE-2022-3090", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3090", - "description": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:28Z", - "updated_at": "2022-12-28T05:17:28Z", - "pushed_at": "2022-12-28T05:17:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-30945.json b/2022/CVE-2022-30945.json new file mode 100644 index 0000000000..3c8ebdbcd7 --- /dev/null +++ b/2022/CVE-2022-30945.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923829, + "name": "CVE-2022-30945", + "full_name": "Live-Hack-CVE\/CVE-2022-30945", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30945", + "description": "Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:54Z", + "updated_at": "2022-12-28T08:46:54Z", + "pushed_at": "2022-12-28T08:46:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-30952.json b/2022/CVE-2022-30952.json new file mode 100644 index 0000000000..a27ea597c0 --- /dev/null +++ b/2022/CVE-2022-30952.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947774, + "name": "CVE-2022-30952", + "full_name": "Live-Hack-CVE\/CVE-2022-30952", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-30952", + "description": "Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job\/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:22Z", + "updated_at": "2022-12-28T10:12:22Z", + "pushed_at": "2022-12-28T10:12:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3097.json b/2022/CVE-2022-3097.json deleted file mode 100644 index e6c71d95e7..0000000000 --- a/2022/CVE-2022-3097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849620, - "name": "CVE-2022-3097", - "full_name": "Live-Hack-CVE\/CVE-2022-3097", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3097", - "description": "The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:42Z", - "updated_at": "2022-12-28T03:18:42Z", - "pushed_at": "2022-12-28T03:18:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31001.json b/2022/CVE-2022-31001.json new file mode 100644 index 0000000000..53044d507c --- /dev/null +++ b/2022/CVE-2022-31001.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922598, + "name": "CVE-2022-31001", + "full_name": "Live-Hack-CVE\/CVE-2022-31001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31001", + "description": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:11Z", + "updated_at": "2022-12-28T08:42:11Z", + "pushed_at": "2022-12-28T08:42:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31002.json b/2022/CVE-2022-31002.json new file mode 100644 index 0000000000..56ceebc92b --- /dev/null +++ b/2022/CVE-2022-31002.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922604, + "name": "CVE-2022-31002", + "full_name": "Live-Hack-CVE\/CVE-2022-31002", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31002", + "description": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:15Z", + "updated_at": "2022-12-28T08:42:15Z", + "pushed_at": "2022-12-28T08:42:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31003.json b/2022/CVE-2022-31003.json deleted file mode 100644 index 1b6cb6cc7c..0000000000 --- a/2022/CVE-2022-31003.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819347, - "name": "CVE-2022-31003", - "full_name": "Live-Hack-CVE\/CVE-2022-31003", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31003", - "description": "Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:53Z", - "updated_at": "2022-12-28T00:33:53Z", - "pushed_at": "2022-12-28T00:33:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31030.json b/2022/CVE-2022-31030.json deleted file mode 100644 index 48fc014d0a..0000000000 --- a/2022/CVE-2022-31030.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849119, - "name": "CVE-2022-31030", - "full_name": "Live-Hack-CVE\/CVE-2022-31030", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31030", - "description": "containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, den CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:11Z", - "updated_at": "2022-12-28T03:16:11Z", - "pushed_at": "2022-12-28T03:16:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31031.json b/2022/CVE-2022-31031.json new file mode 100644 index 0000000000..c20a230d3a --- /dev/null +++ b/2022/CVE-2022-31031.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922532, + "name": "CVE-2022-31031", + "full_name": "Live-Hack-CVE\/CVE-2022-31031", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31031", + "description": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: set CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:41:56Z", + "updated_at": "2022-12-28T08:41:56Z", + "pushed_at": "2022-12-28T08:41:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31033.json b/2022/CVE-2022-31033.json deleted file mode 100644 index 176e51ef17..0000000000 --- a/2022/CVE-2022-31033.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849061, - "name": "CVE-2022-31033", - "full_name": "Live-Hack-CVE\/CVE-2022-31033", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31033", - "description": "The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to up CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:53Z", - "updated_at": "2022-12-28T03:15:53Z", - "pushed_at": "2022-12-28T03:15:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31042.json b/2022/CVE-2022-31042.json deleted file mode 100644 index 12359b6e16..0000000000 --- a/2022/CVE-2022-31042.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819140, - "name": "CVE-2022-31042", - "full_name": "Live-Hack-CVE\/CVE-2022-31042", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31042", - "description": "Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:47Z", - "updated_at": "2022-12-28T00:32:47Z", - "pushed_at": "2022-12-28T00:32:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31043.json b/2022/CVE-2022-31043.json deleted file mode 100644 index 1d8e3e9804..0000000000 --- a/2022/CVE-2022-31043.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819160, - "name": "CVE-2022-31043", - "full_name": "Live-Hack-CVE\/CVE-2022-31043", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31043", - "description": "Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the sam CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:54Z", - "updated_at": "2022-12-28T00:32:54Z", - "pushed_at": "2022-12-28T00:32:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31091.json b/2022/CVE-2022-31091.json deleted file mode 100644 index afb0c93e0e..0000000000 --- a/2022/CVE-2022-31091.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819150, - "name": "CVE-2022-31091", - "full_name": "Live-Hack-CVE\/CVE-2022-31091", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31091", - "description": "Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:51Z", - "updated_at": "2022-12-28T00:32:51Z", - "pushed_at": "2022-12-28T00:32:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31097.json b/2022/CVE-2022-31097.json deleted file mode 100644 index d8b62ea5dd..0000000000 --- a/2022/CVE-2022-31097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871699, - "name": "CVE-2022-31097", - "full_name": "Live-Hack-CVE\/CVE-2022-31097", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31097", - "description": "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to adm CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:14:09Z", - "updated_at": "2022-12-28T05:14:09Z", - "pushed_at": "2022-12-28T05:14:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31123.json b/2022/CVE-2022-31123.json deleted file mode 100644 index ed9ead6327..0000000000 --- a/2022/CVE-2022-31123.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818116, - "name": "CVE-2022-31123", - "full_name": "Live-Hack-CVE\/CVE-2022-31123", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31123", - "description": "Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:27:05Z", - "updated_at": "2022-12-28T00:27:06Z", - "pushed_at": "2022-12-28T00:27:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31197.json b/2022/CVE-2022-31197.json deleted file mode 100644 index 7c0950efe9..0000000000 --- a/2022/CVE-2022-31197.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825276, - "name": "CVE-2022-31197", - "full_name": "Live-Hack-CVE\/CVE-2022-31197", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31197", - "description": "PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement ter CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:09:29Z", - "updated_at": "2022-12-28T01:09:29Z", - "pushed_at": "2022-12-28T01:09:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31199.json b/2022/CVE-2022-31199.json new file mode 100644 index 0000000000..a0c57e642d --- /dev/null +++ b/2022/CVE-2022-31199.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969398, + "name": "CVE-2022-31199", + "full_name": "Live-Hack-CVE\/CVE-2022-31199", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31199", + "description": "Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an u CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:36Z", + "updated_at": "2022-12-28T11:31:36Z", + "pushed_at": "2022-12-28T11:31:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3122.json b/2022/CVE-2022-3122.json new file mode 100644 index 0000000000..52daf02b94 --- /dev/null +++ b/2022/CVE-2022-3122.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936641, + "name": "CVE-2022-3122", + "full_name": "Live-Hack-CVE\/CVE-2022-3122", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3122", + "description": "A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:07Z", + "updated_at": "2022-12-28T09:33:07Z", + "pushed_at": "2022-12-28T09:33:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31243.json b/2022/CVE-2022-31243.json new file mode 100644 index 0000000000..33cf71cfb5 --- /dev/null +++ b/2022/CVE-2022-31243.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893613, + "name": "CVE-2022-31243", + "full_name": "Live-Hack-CVE\/CVE-2022-31243", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31243", + "description": "Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. \"DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:01Z", + "updated_at": "2022-12-28T06:48:01Z", + "pushed_at": "2022-12-28T06:48:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31250.json b/2022/CVE-2022-31250.json new file mode 100644 index 0000000000..f0166abf85 --- /dev/null +++ b/2022/CVE-2022-31250.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982465, + "name": "CVE-2022-31250", + "full_name": "Live-Hack-CVE\/CVE-2022-31250", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31250", + "description": "A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:09Z", + "updated_at": "2022-12-28T12:18:09Z", + "pushed_at": "2022-12-28T12:18:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31253.json b/2022/CVE-2022-31253.json new file mode 100644 index 0000000000..29c6bcbb51 --- /dev/null +++ b/2022/CVE-2022-31253.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957835, + "name": "CVE-2022-31253", + "full_name": "Live-Hack-CVE\/CVE-2022-31253", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31253", + "description": "A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user\/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:55Z", + "updated_at": "2022-12-28T10:48:55Z", + "pushed_at": "2022-12-28T10:48:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31255.json b/2022/CVE-2022-31255.json new file mode 100644 index 0000000000..4d20a731c0 --- /dev/null +++ b/2022/CVE-2022-31255.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924201, + "name": "CVE-2022-31255", + "full_name": "Live-Hack-CVE\/CVE-2022-31255", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31255", + "description": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk\/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user ru CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:18Z", + "updated_at": "2022-12-28T08:48:19Z", + "pushed_at": "2022-12-28T08:48:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31325.json b/2022/CVE-2022-31325.json deleted file mode 100644 index 9fc9a8a84f..0000000000 --- a/2022/CVE-2022-31325.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849148, - "name": "CVE-2022-31325", - "full_name": "Live-Hack-CVE\/CVE-2022-31325", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31325", - "description": "There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in \/churchcrm\/WhyCameEditor.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:18Z", - "updated_at": "2022-12-28T03:16:18Z", - "pushed_at": "2022-12-28T03:16:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31606.json b/2022/CVE-2022-31606.json deleted file mode 100644 index a03b76247b..0000000000 --- a/2022/CVE-2022-31606.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856503, - "name": "CVE-2022-31606", - "full_name": "Live-Hack-CVE\/CVE-2022-31606", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31606", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, informa CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:08Z", - "updated_at": "2022-12-28T03:55:08Z", - "pushed_at": "2022-12-28T03:55:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31607.json b/2022/CVE-2022-31607.json deleted file mode 100644 index 0e3ef1a3b3..0000000000 --- a/2022/CVE-2022-31607.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849400, - "name": "CVE-2022-31607", - "full_name": "Live-Hack-CVE\/CVE-2022-31607", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31607", - "description": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:32Z", - "updated_at": "2022-12-28T03:17:32Z", - "pushed_at": "2022-12-28T03:17:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31608.json b/2022/CVE-2022-31608.json deleted file mode 100644 index 7aca120c22..0000000000 --- a/2022/CVE-2022-31608.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856510, - "name": "CVE-2022-31608", - "full_name": "Live-Hack-CVE\/CVE-2022-31608", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31608", - "description": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:12Z", - "updated_at": "2022-12-28T03:55:12Z", - "pushed_at": "2022-12-28T03:55:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31610.json b/2022/CVE-2022-31610.json deleted file mode 100644 index 749b58ef98..0000000000 --- a/2022/CVE-2022-31610.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849393, - "name": "CVE-2022-31610", - "full_name": "Live-Hack-CVE\/CVE-2022-31610", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31610", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:28Z", - "updated_at": "2022-12-28T03:17:28Z", - "pushed_at": "2022-12-28T03:17:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31612.json b/2022/CVE-2022-31612.json deleted file mode 100644 index 507a5909a7..0000000000 --- a/2022/CVE-2022-31612.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856495, - "name": "CVE-2022-31612", - "full_name": "Live-Hack-CVE\/CVE-2022-31612", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31612", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:05Z", - "updated_at": "2022-12-28T03:55:05Z", - "pushed_at": "2022-12-28T03:55:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31613.json b/2022/CVE-2022-31613.json deleted file mode 100644 index dcb3b53977..0000000000 --- a/2022/CVE-2022-31613.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849381, - "name": "CVE-2022-31613", - "full_name": "Live-Hack-CVE\/CVE-2022-31613", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31613", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:25Z", - "updated_at": "2022-12-28T03:17:25Z", - "pushed_at": "2022-12-28T03:17:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31615.json b/2022/CVE-2022-31615.json deleted file mode 100644 index 735ad70f78..0000000000 --- a/2022/CVE-2022-31615.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849280, - "name": "CVE-2022-31615", - "full_name": "Live-Hack-CVE\/CVE-2022-31615", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31615", - "description": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:58Z", - "updated_at": "2022-12-28T03:16:58Z", - "pushed_at": "2022-12-28T03:17:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31616.json b/2022/CVE-2022-31616.json deleted file mode 100644 index 86770f3aad..0000000000 --- a/2022/CVE-2022-31616.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849444, - "name": "CVE-2022-31616", - "full_name": "Live-Hack-CVE\/CVE-2022-31616", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31616", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:46Z", - "updated_at": "2022-12-28T03:17:46Z", - "pushed_at": "2022-12-28T03:17:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31617.json b/2022/CVE-2022-31617.json deleted file mode 100644 index a36a175362..0000000000 --- a/2022/CVE-2022-31617.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849433, - "name": "CVE-2022-31617", - "full_name": "Live-Hack-CVE\/CVE-2022-31617", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31617", - "description": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:17:43Z", - "updated_at": "2022-12-28T03:17:43Z", - "pushed_at": "2022-12-28T03:17:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31649.json b/2022/CVE-2022-31649.json deleted file mode 100644 index 3195ff7159..0000000000 --- a/2022/CVE-2022-31649.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849133, - "name": "CVE-2022-31649", - "full_name": "Live-Hack-CVE\/CVE-2022-31649", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31649", - "description": "ownCloud owncloud\/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:16:14Z", - "updated_at": "2022-12-28T03:16:14Z", - "pushed_at": "2022-12-28T03:16:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31676.json b/2022/CVE-2022-31676.json new file mode 100644 index 0000000000..904c1642f7 --- /dev/null +++ b/2022/CVE-2022-31676.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922517, + "name": "CVE-2022-31676", + "full_name": "Live-Hack-CVE\/CVE-2022-31676", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31676", + "description": "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:41:53Z", + "updated_at": "2022-12-28T08:41:53Z", + "pushed_at": "2022-12-28T08:41:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31685.json b/2022/CVE-2022-31685.json new file mode 100644 index 0000000000..91f881560a --- /dev/null +++ b/2022/CVE-2022-31685.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949077, + "name": "CVE-2022-31685", + "full_name": "Live-Hack-CVE\/CVE-2022-31685", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31685", + "description": "VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:58Z", + "updated_at": "2022-12-28T10:17:06Z", + "pushed_at": "2022-12-28T10:17:00Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31686.json b/2022/CVE-2022-31686.json new file mode 100644 index 0000000000..991d6e9d66 --- /dev/null +++ b/2022/CVE-2022-31686.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949027, + "name": "CVE-2022-31686", + "full_name": "Live-Hack-CVE\/CVE-2022-31686", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31686", + "description": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:47Z", + "updated_at": "2022-12-28T10:16:47Z", + "pushed_at": "2022-12-28T10:16:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31687.json b/2022/CVE-2022-31687.json new file mode 100644 index 0000000000..3d85497b90 --- /dev/null +++ b/2022/CVE-2022-31687.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949037, + "name": "CVE-2022-31687", + "full_name": "Live-Hack-CVE\/CVE-2022-31687", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31687", + "description": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:50Z", + "updated_at": "2022-12-28T10:18:16Z", + "pushed_at": "2022-12-28T10:16:52Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31688.json b/2022/CVE-2022-31688.json new file mode 100644 index 0000000000..c71ef89eb1 --- /dev/null +++ b/2022/CVE-2022-31688.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948984, + "name": "CVE-2022-31688", + "full_name": "Live-Hack-CVE\/CVE-2022-31688", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31688", + "description": "VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:39Z", + "updated_at": "2022-12-28T10:16:39Z", + "pushed_at": "2022-12-28T10:16:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31689.json b/2022/CVE-2022-31689.json new file mode 100644 index 0000000000..38892ce0f9 --- /dev/null +++ b/2022/CVE-2022-31689.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948964, + "name": "CVE-2022-31689", + "full_name": "Live-Hack-CVE\/CVE-2022-31689", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31689", + "description": "VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:36Z", + "updated_at": "2022-12-28T10:16:36Z", + "pushed_at": "2022-12-28T10:16:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31691.json b/2022/CVE-2022-31691.json new file mode 100644 index 0000000000..6baf1001d5 --- /dev/null +++ b/2022/CVE-2022-31691.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946950, + "name": "CVE-2022-31691", + "full_name": "Live-Hack-CVE\/CVE-2022-31691", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31691", + "description": "Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:39Z", + "updated_at": "2022-12-28T10:09:39Z", + "pushed_at": "2022-12-28T10:09:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31694.json b/2022/CVE-2022-31694.json deleted file mode 100644 index be61fbbbdb..0000000000 --- a/2022/CVE-2022-31694.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872332, - "name": "CVE-2022-31694", - "full_name": "Live-Hack-CVE\/CVE-2022-31694", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31694", - "description": "InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup trigge CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:08Z", - "updated_at": "2022-12-28T05:17:08Z", - "pushed_at": "2022-12-28T05:17:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31772.json b/2022/CVE-2022-31772.json new file mode 100644 index 0000000000..7d89c3a880 --- /dev/null +++ b/2022/CVE-2022-31772.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935846, + "name": "CVE-2022-31772", + "full_name": "Live-Hack-CVE\/CVE-2022-31772", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31772", + "description": "IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:19Z", + "updated_at": "2022-12-28T09:30:19Z", + "pushed_at": "2022-12-28T09:30:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-31777.json b/2022/CVE-2022-31777.json deleted file mode 100644 index e6abbd6962..0000000000 --- a/2022/CVE-2022-31777.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848913, - "name": "CVE-2022-31777", - "full_name": "Live-Hack-CVE\/CVE-2022-31777", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31777", - "description": "A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:03Z", - "updated_at": "2022-12-28T03:15:03Z", - "pushed_at": "2022-12-28T03:15:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31779.json b/2022/CVE-2022-31779.json deleted file mode 100644 index b3cff16cd8..0000000000 --- a/2022/CVE-2022-31779.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818660, - "name": "CVE-2022-31779", - "full_name": "Live-Hack-CVE\/CVE-2022-31779", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31779", - "description": "Improper Input Validation vulnerability in HTTP\/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:30:10Z", - "updated_at": "2022-12-28T00:30:10Z", - "pushed_at": "2022-12-28T00:30:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-31877.json b/2022/CVE-2022-31877.json deleted file mode 100644 index 509e7e8d6c..0000000000 --- a/2022/CVE-2022-31877.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848084, - "name": "CVE-2022-31877", - "full_name": "Live-Hack-CVE\/CVE-2022-31877", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-31877", - "description": "An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:45Z", - "updated_at": "2022-12-28T03:10:45Z", - "pushed_at": "2022-12-28T03:10:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3195.json b/2022/CVE-2022-3195.json new file mode 100644 index 0000000000..102d3f3dea --- /dev/null +++ b/2022/CVE-2022-3195.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960160, + "name": "CVE-2022-3195", + "full_name": "Live-Hack-CVE\/CVE-2022-3195", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3195", + "description": "Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:16Z", + "updated_at": "2022-12-28T10:57:16Z", + "pushed_at": "2022-12-28T10:57:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3196.json b/2022/CVE-2022-3196.json deleted file mode 100644 index ecf961b771..0000000000 --- a/2022/CVE-2022-3196.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880982, - "name": "CVE-2022-3196", - "full_name": "Live-Hack-CVE\/CVE-2022-3196", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3196", - "description": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:12Z", - "updated_at": "2022-12-28T05:56:12Z", - "pushed_at": "2022-12-28T05:56:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3197.json b/2022/CVE-2022-3197.json deleted file mode 100644 index fe3865f764..0000000000 --- a/2022/CVE-2022-3197.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582881005, - "name": "CVE-2022-3197", - "full_name": "Live-Hack-CVE\/CVE-2022-3197", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3197", - "description": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:16Z", - "updated_at": "2022-12-28T05:56:16Z", - "pushed_at": "2022-12-28T05:56:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3198.json b/2022/CVE-2022-3198.json deleted file mode 100644 index 411c0d1904..0000000000 --- a/2022/CVE-2022-3198.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582881021, - "name": "CVE-2022-3198", - "full_name": "Live-Hack-CVE\/CVE-2022-3198", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3198", - "description": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:19Z", - "updated_at": "2022-12-28T05:56:19Z", - "pushed_at": "2022-12-28T05:56:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3199.json b/2022/CVE-2022-3199.json deleted file mode 100644 index fbe4c036ba..0000000000 --- a/2022/CVE-2022-3199.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848930, - "name": "CVE-2022-3199", - "full_name": "Live-Hack-CVE\/CVE-2022-3199", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3199", - "description": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:07Z", - "updated_at": "2022-12-28T03:15:07Z", - "pushed_at": "2022-12-28T03:15:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3200.json b/2022/CVE-2022-3200.json deleted file mode 100644 index f74102eed0..0000000000 --- a/2022/CVE-2022-3200.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880894, - "name": "CVE-2022-3200", - "full_name": "Live-Hack-CVE\/CVE-2022-3200", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3200", - "description": "Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:55:51Z", - "updated_at": "2022-12-28T05:55:51Z", - "pushed_at": "2022-12-28T05:55:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3201.json b/2022/CVE-2022-3201.json deleted file mode 100644 index ba676c8b65..0000000000 --- a/2022/CVE-2022-3201.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819226, - "name": "CVE-2022-3201", - "full_name": "Live-Hack-CVE\/CVE-2022-3201", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3201", - "description": "Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:14Z", - "updated_at": "2022-12-28T00:33:14Z", - "pushed_at": "2022-12-28T00:33:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-32060.json b/2022/CVE-2022-32060.json deleted file mode 100644 index a625caa557..0000000000 --- a/2022/CVE-2022-32060.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856206, - "name": "CVE-2022-32060", - "full_name": "Live-Hack-CVE\/CVE-2022-32060", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-32060", - "description": "An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:20Z", - "updated_at": "2022-12-28T03:53:20Z", - "pushed_at": "2022-12-28T03:53:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-32156.json b/2022/CVE-2022-32156.json new file mode 100644 index 0000000000..9d8a555a53 --- /dev/null +++ b/2022/CVE-2022-32156.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946043, + "name": "CVE-2022-32156", + "full_name": "Live-Hack-CVE\/CVE-2022-32156", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-32156", + "description": "In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https:\/\/docs.splunk.com\/D CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:37Z", + "updated_at": "2022-12-28T10:06:37Z", + "pushed_at": "2022-12-28T10:06:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-32177.json b/2022/CVE-2022-32177.json new file mode 100644 index 0000000000..b70a85bcd5 --- /dev/null +++ b/2022/CVE-2022-32177.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937070, + "name": "CVE-2022-32177", + "full_name": "Live-Hack-CVE\/CVE-2022-32177", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-32177", + "description": "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:42Z", + "updated_at": "2022-12-28T09:34:42Z", + "pushed_at": "2022-12-28T09:34:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-32212.json b/2022/CVE-2022-32212.json deleted file mode 100644 index 01928b364a..0000000000 --- a/2022/CVE-2022-32212.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849759, - "name": "CVE-2022-32212", - "full_name": "Live-Hack-CVE\/CVE-2022-32212", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-32212", - "description": "A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:19Z", - "updated_at": "2022-12-28T03:19:19Z", - "pushed_at": "2022-12-28T03:19:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-32213.json b/2022/CVE-2022-32213.json deleted file mode 100644 index 12be2055af..0000000000 --- a/2022/CVE-2022-32213.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849770, - "name": "CVE-2022-32213", - "full_name": "Live-Hack-CVE\/CVE-2022-32213", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-32213", - "description": "The llhttp parser License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:04Z", + "updated_at": "2022-12-28T12:14:04Z", + "pushed_at": "2022-12-28T12:14:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37720.json b/2022/CVE-2022-37720.json deleted file mode 100644 index b3a1555309..0000000000 --- a/2022/CVE-2022-37720.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848386, - "name": "CVE-2022-37720", - "full_name": "Live-Hack-CVE\/CVE-2022-37720", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37720", - "description": "Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's br CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:24Z", - "updated_at": "2022-12-28T03:12:29Z", - "pushed_at": "2022-12-28T03:12:27Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37721.json b/2022/CVE-2022-37721.json deleted file mode 100644 index b2eab3db93..0000000000 --- a/2022/CVE-2022-37721.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848514, - "name": "CVE-2022-37721", - "full_name": "Live-Hack-CVE\/CVE-2022-37721", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37721", - "description": "PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:57Z", - "updated_at": "2022-12-28T03:12:57Z", - "pushed_at": "2022-12-28T03:12:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37772.json b/2022/CVE-2022-37772.json deleted file mode 100644 index f5a7adecfb..0000000000 --- a/2022/CVE-2022-37772.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857777, - "name": "CVE-2022-37772", - "full_name": "Live-Hack-CVE\/CVE-2022-37772", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37772", - "description": "Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:47Z", - "updated_at": "2022-12-28T04:01:47Z", - "pushed_at": "2022-12-28T04:01:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37773.json b/2022/CVE-2022-37773.json deleted file mode 100644 index cabc04b79b..0000000000 --- a/2022/CVE-2022-37773.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863763, - "name": "CVE-2022-37773", - "full_name": "Live-Hack-CVE\/CVE-2022-37773", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37773", - "description": "An authenticated SQL Injection vulnerability in the statistics page (\/statistics\/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:35Z", - "updated_at": "2022-12-28T04:33:35Z", - "pushed_at": "2022-12-28T04:33:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37774.json b/2022/CVE-2022-37774.json deleted file mode 100644 index 8f326b22ea..0000000000 --- a/2022/CVE-2022-37774.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863780, - "name": "CVE-2022-37774", - "full_name": "Live-Hack-CVE\/CVE-2022-37774", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37774", - "description": "There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https:\/\/{url}\/tmp\/{MD5 hash of the do CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:38Z", - "updated_at": "2022-12-28T04:33:38Z", - "pushed_at": "2022-12-28T04:33:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37797.json b/2022/CVE-2022-37797.json deleted file mode 100644 index 238d444e3a..0000000000 --- a/2022/CVE-2022-37797.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819465, - "name": "CVE-2022-37797", - "full_name": "Live-Hack-CVE\/CVE-2022-37797", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37797", - "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:42Z", - "updated_at": "2022-12-28T00:34:42Z", - "pushed_at": "2022-12-28T00:34:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37860.json b/2022/CVE-2022-37860.json new file mode 100644 index 0000000000..c04ab7c3c2 --- /dev/null +++ b/2022/CVE-2022-37860.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923772, + "name": "CVE-2022-37860", + "full_name": "Live-Hack-CVE\/CVE-2022-37860", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37860", + "description": "The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:44Z", + "updated_at": "2022-12-28T08:46:44Z", + "pushed_at": "2022-12-28T08:46:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37865.json b/2022/CVE-2022-37865.json new file mode 100644 index 0000000000..d6ed174cac --- /dev/null +++ b/2022/CVE-2022-37865.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981381, + "name": "CVE-2022-37865", + "full_name": "Live-Hack-CVE\/CVE-2022-37865", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37865", + "description": "With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the \"zip\", \"jar\" or \"war\" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing ab CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:29Z", + "updated_at": "2022-12-28T12:14:29Z", + "pushed_at": "2022-12-28T12:14:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37866.json b/2022/CVE-2022-37866.json new file mode 100644 index 0000000000..ee59894cf6 --- /dev/null +++ b/2022/CVE-2022-37866.json @@ -0,0 +1,31 @@ +[ + { + "id": 582968965, + "name": "CVE-2022-37866", + "full_name": "Live-Hack-CVE\/CVE-2022-37866", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37866", + "description": "When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied \"pattern\" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain \"..\/\" sequences - which are valid characters for Ivy coordinates CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:03Z", + "updated_at": "2022-12-28T11:30:03Z", + "pushed_at": "2022-12-28T11:30:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37887.json b/2022/CVE-2022-37887.json new file mode 100644 index 0000000000..98302585b7 --- /dev/null +++ b/2022/CVE-2022-37887.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971301, + "name": "CVE-2022-37887", + "full_name": "Live-Hack-CVE\/CVE-2022-37887", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37887", + "description": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:16Z", + "updated_at": "2022-12-28T11:38:16Z", + "pushed_at": "2022-12-28T11:38:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37889.json b/2022/CVE-2022-37889.json new file mode 100644 index 0000000000..fc04cfde48 --- /dev/null +++ b/2022/CVE-2022-37889.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971315, + "name": "CVE-2022-37889", + "full_name": "Live-Hack-CVE\/CVE-2022-37889", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37889", + "description": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:20Z", + "updated_at": "2022-12-28T11:38:20Z", + "pushed_at": "2022-12-28T11:38:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37890.json b/2022/CVE-2022-37890.json new file mode 100644 index 0000000000..3fca9e23c5 --- /dev/null +++ b/2022/CVE-2022-37890.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971349, + "name": "CVE-2022-37890", + "full_name": "Live-Hack-CVE\/CVE-2022-37890", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37890", + "description": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and be CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:27Z", + "updated_at": "2022-12-28T11:38:27Z", + "pushed_at": "2022-12-28T11:38:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37891.json b/2022/CVE-2022-37891.json new file mode 100644 index 0000000000..bac56342ad --- /dev/null +++ b/2022/CVE-2022-37891.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971335, + "name": "CVE-2022-37891", + "full_name": "Live-Hack-CVE\/CVE-2022-37891", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37891", + "description": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and be CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:23Z", + "updated_at": "2022-12-28T11:38:23Z", + "pushed_at": "2022-12-28T11:38:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37892.json b/2022/CVE-2022-37892.json new file mode 100644 index 0000000000..6cf11ced99 --- /dev/null +++ b/2022/CVE-2022-37892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971356, + "name": "CVE-2022-37892", + "full_name": "Live-Hack-CVE\/CVE-2022-37892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37892", + "description": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:30Z", + "updated_at": "2022-12-28T11:38:30Z", + "pushed_at": "2022-12-28T11:38:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37893.json b/2022/CVE-2022-37893.json new file mode 100644 index 0000000000..d1ea007147 --- /dev/null +++ b/2022/CVE-2022-37893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971235, + "name": "CVE-2022-37893", + "full_name": "Live-Hack-CVE\/CVE-2022-37893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37893", + "description": "An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:03Z", + "updated_at": "2022-12-28T11:38:03Z", + "pushed_at": "2022-12-28T11:38:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37894.json b/2022/CVE-2022-37894.json new file mode 100644 index 0000000000..64d910e392 --- /dev/null +++ b/2022/CVE-2022-37894.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971289, + "name": "CVE-2022-37894", + "full_name": "Live-Hack-CVE\/CVE-2022-37894", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37894", + "description": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:13Z", + "updated_at": "2022-12-28T11:38:13Z", + "pushed_at": "2022-12-28T11:38:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37895.json b/2022/CVE-2022-37895.json new file mode 100644 index 0000000000..e33e9c4308 --- /dev/null +++ b/2022/CVE-2022-37895.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971272, + "name": "CVE-2022-37895", + "full_name": "Live-Hack-CVE\/CVE-2022-37895", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37895", + "description": "An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:09Z", + "updated_at": "2022-12-28T11:38:09Z", + "pushed_at": "2022-12-28T11:38:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37896.json b/2022/CVE-2022-37896.json new file mode 100644 index 0000000000..016de602a8 --- /dev/null +++ b/2022/CVE-2022-37896.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971256, + "name": "CVE-2022-37896", + "full_name": "Live-Hack-CVE\/CVE-2022-37896", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37896", + "description": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:38:06Z", + "updated_at": "2022-12-28T11:38:06Z", + "pushed_at": "2022-12-28T11:38:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3793.json b/2022/CVE-2022-3793.json new file mode 100644 index 0000000000..e9a543a312 --- /dev/null +++ b/2022/CVE-2022-3793.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948935, + "name": "CVE-2022-3793", + "full_name": "Live-Hack-CVE\/CVE-2022-3793", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3793", + "description": "An improper authorization issue in GitLab CE\/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI\/CD configuration file they don't have access to. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:16:31Z", + "updated_at": "2022-12-28T10:16:31Z", + "pushed_at": "2022-12-28T10:16:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37931.json b/2022/CVE-2022-37931.json deleted file mode 100644 index 2f9f69a5c1..0000000000 --- a/2022/CVE-2022-37931.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849717, - "name": "CVE-2022-37931", - "full_name": "Live-Hack-CVE\/CVE-2022-37931", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37931", - "description": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:08Z", - "updated_at": "2022-12-28T03:19:08Z", - "pushed_at": "2022-12-28T03:19:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-37973.json b/2022/CVE-2022-37973.json new file mode 100644 index 0000000000..b1c833ac96 --- /dev/null +++ b/2022/CVE-2022-37973.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947456, + "name": "CVE-2022-37973", + "full_name": "Live-Hack-CVE\/CVE-2022-37973", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37973", + "description": "Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:18Z", + "updated_at": "2022-12-28T10:11:18Z", + "pushed_at": "2022-12-28T10:11:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37975.json b/2022/CVE-2022-37975.json new file mode 100644 index 0000000000..fb953e60ec --- /dev/null +++ b/2022/CVE-2022-37975.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947555, + "name": "CVE-2022-37975", + "full_name": "Live-Hack-CVE\/CVE-2022-37975", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37975", + "description": "Windows Group Policy Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:36Z", + "updated_at": "2022-12-28T10:11:36Z", + "pushed_at": "2022-12-28T10:11:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37991.json b/2022/CVE-2022-37991.json new file mode 100644 index 0000000000..53e9b38311 --- /dev/null +++ b/2022/CVE-2022-37991.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957437, + "name": "CVE-2022-37991", + "full_name": "Live-Hack-CVE\/CVE-2022-37991", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37991", + "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:29Z", + "updated_at": "2022-12-28T10:47:29Z", + "pushed_at": "2022-12-28T10:47:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-37992.json b/2022/CVE-2022-37992.json new file mode 100644 index 0000000000..4382f2ac34 --- /dev/null +++ b/2022/CVE-2022-37992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958591, + "name": "CVE-2022-37992", + "full_name": "Live-Hack-CVE\/CVE-2022-37992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-37992", + "description": "Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:41Z", + "updated_at": "2022-12-28T10:51:41Z", + "pushed_at": "2022-12-28T10:51:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38014.json b/2022/CVE-2022-38014.json new file mode 100644 index 0000000000..0125ab8cf7 --- /dev/null +++ b/2022/CVE-2022-38014.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958474, + "name": "CVE-2022-38014", + "full_name": "Live-Hack-CVE\/CVE-2022-38014", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38014", + "description": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:18Z", + "updated_at": "2022-12-28T10:51:18Z", + "pushed_at": "2022-12-28T10:51:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38015.json b/2022/CVE-2022-38015.json new file mode 100644 index 0000000000..bdb14972ca --- /dev/null +++ b/2022/CVE-2022-38015.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958574, + "name": "CVE-2022-38015", + "full_name": "Live-Hack-CVE\/CVE-2022-38015", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38015", + "description": "Windows Hyper-V Denial of Service Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:38Z", + "updated_at": "2022-12-28T10:51:38Z", + "pushed_at": "2022-12-28T10:51:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38022.json b/2022/CVE-2022-38022.json new file mode 100644 index 0000000000..eaf0e47a70 --- /dev/null +++ b/2022/CVE-2022-38022.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947534, + "name": "CVE-2022-38022", + "full_name": "Live-Hack-CVE\/CVE-2022-38022", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38022", + "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:32Z", + "updated_at": "2022-12-28T10:11:32Z", + "pushed_at": "2022-12-28T10:11:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38034.json b/2022/CVE-2022-38034.json new file mode 100644 index 0000000000..192a8f5bfd --- /dev/null +++ b/2022/CVE-2022-38034.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947511, + "name": "CVE-2022-38034", + "full_name": "Live-Hack-CVE\/CVE-2022-38034", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38034", + "description": "Windows Workstation Service Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:28Z", + "updated_at": "2022-12-28T10:11:28Z", + "pushed_at": "2022-12-28T10:11:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38037.json b/2022/CVE-2022-38037.json new file mode 100644 index 0000000000..dc5bd59ad7 --- /dev/null +++ b/2022/CVE-2022-38037.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971221, + "name": "CVE-2022-38037", + "full_name": "Live-Hack-CVE\/CVE-2022-38037", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38037", + "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:59Z", + "updated_at": "2022-12-28T11:37:59Z", + "pushed_at": "2022-12-28T11:38:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38038.json b/2022/CVE-2022-38038.json new file mode 100644 index 0000000000..f64f0ece6c --- /dev/null +++ b/2022/CVE-2022-38038.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957420, + "name": "CVE-2022-38038", + "full_name": "Live-Hack-CVE\/CVE-2022-38038", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38038", + "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:26Z", + "updated_at": "2022-12-28T10:47:26Z", + "pushed_at": "2022-12-28T10:47:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38043.json b/2022/CVE-2022-38043.json new file mode 100644 index 0000000000..73b545c384 --- /dev/null +++ b/2022/CVE-2022-38043.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946860, + "name": "CVE-2022-38043", + "full_name": "Live-Hack-CVE\/CVE-2022-38043", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38043", + "description": "Windows Security Support Provider Interface Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:20Z", + "updated_at": "2022-12-28T10:09:20Z", + "pushed_at": "2022-12-28T10:09:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38045.json b/2022/CVE-2022-38045.json deleted file mode 100644 index 2c6ef3146e..0000000000 --- a/2022/CVE-2022-38045.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811848, - "name": "CVE-2022-38045", - "full_name": "Live-Hack-CVE\/CVE-2022-38045", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38045", - "description": "Server Service Remote Protocol Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:09Z", - "updated_at": "2022-12-27T23:51:09Z", - "pushed_at": "2022-12-27T23:51:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38046.json b/2022/CVE-2022-38046.json new file mode 100644 index 0000000000..c45e53d9d1 --- /dev/null +++ b/2022/CVE-2022-38046.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948421, + "name": "CVE-2022-38046", + "full_name": "Live-Hack-CVE\/CVE-2022-38046", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38046", + "description": "Web Account Manager Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:36Z", + "updated_at": "2022-12-28T10:14:36Z", + "pushed_at": "2022-12-28T10:14:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38097.json b/2022/CVE-2022-38097.json deleted file mode 100644 index df4997553f..0000000000 --- a/2022/CVE-2022-38097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872592, - "name": "CVE-2022-38097", - "full_name": "Live-Hack-CVE\/CVE-2022-38097", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38097", - "description": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:18Z", - "updated_at": "2022-12-28T05:18:18Z", - "pushed_at": "2022-12-28T05:18:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38099.json b/2022/CVE-2022-38099.json new file mode 100644 index 0000000000..c0fed413f5 --- /dev/null +++ b/2022/CVE-2022-38099.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924507, + "name": "CVE-2022-38099", + "full_name": "Live-Hack-CVE\/CVE-2022-38099", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38099", + "description": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:29Z", + "updated_at": "2022-12-28T08:49:29Z", + "pushed_at": "2022-12-28T08:49:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38113.json b/2022/CVE-2022-38113.json deleted file mode 100644 index 696826359f..0000000000 --- a/2022/CVE-2022-38113.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857140, - "name": "CVE-2022-38113", - "full_name": "Live-Hack-CVE\/CVE-2022-38113", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38113", - "description": "This vulnerability discloses build and services versions in the server response header. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:29Z", - "updated_at": "2022-12-28T03:58:29Z", - "pushed_at": "2022-12-28T03:58:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38114.json b/2022/CVE-2022-38114.json deleted file mode 100644 index 2978954325..0000000000 --- a/2022/CVE-2022-38114.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857126, - "name": "CVE-2022-38114", - "full_name": "Live-Hack-CVE\/CVE-2022-38114", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38114", - "description": "This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:26Z", - "updated_at": "2022-12-28T03:58:26Z", - "pushed_at": "2022-12-28T03:58:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38115.json b/2022/CVE-2022-38115.json deleted file mode 100644 index 4c1520f747..0000000000 --- a/2022/CVE-2022-38115.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857108, - "name": "CVE-2022-38115", - "full_name": "Live-Hack-CVE\/CVE-2022-38115", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38115", - "description": "Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:22Z", - "updated_at": "2022-12-28T03:58:22Z", - "pushed_at": "2022-12-28T03:58:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38119.json b/2022/CVE-2022-38119.json new file mode 100644 index 0000000000..7094d70862 --- /dev/null +++ b/2022/CVE-2022-38119.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936365, + "name": "CVE-2022-38119", + "full_name": "Live-Hack-CVE\/CVE-2022-38119", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38119", + "description": "UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:05Z", + "updated_at": "2022-12-28T09:32:05Z", + "pushed_at": "2022-12-28T09:32:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38120.json b/2022/CVE-2022-38120.json new file mode 100644 index 0000000000..11c32486bc --- /dev/null +++ b/2022/CVE-2022-38120.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936339, + "name": "CVE-2022-38120", + "full_name": "Live-Hack-CVE\/CVE-2022-38120", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38120", + "description": "UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:00Z", + "updated_at": "2022-12-28T09:32:00Z", + "pushed_at": "2022-12-28T09:32:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38121.json b/2022/CVE-2022-38121.json new file mode 100644 index 0000000000..47f8589026 --- /dev/null +++ b/2022/CVE-2022-38121.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936201, + "name": "CVE-2022-38121", + "full_name": "Live-Hack-CVE\/CVE-2022-38121", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38121", + "description": "UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:30Z", + "updated_at": "2022-12-28T09:31:30Z", + "pushed_at": "2022-12-28T09:31:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38122.json b/2022/CVE-2022-38122.json new file mode 100644 index 0000000000..8fe44d7cf4 --- /dev/null +++ b/2022/CVE-2022-38122.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936296, + "name": "CVE-2022-38122", + "full_name": "Live-Hack-CVE\/CVE-2022-38122", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38122", + "description": "UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:49Z", + "updated_at": "2022-12-28T09:31:49Z", + "pushed_at": "2022-12-28T09:31:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38137.json b/2022/CVE-2022-38137.json new file mode 100644 index 0000000000..41c38c0ee1 --- /dev/null +++ b/2022/CVE-2022-38137.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970597, + "name": "CVE-2022-38137", + "full_name": "Live-Hack-CVE\/CVE-2022-38137", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38137", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:53Z", + "updated_at": "2022-12-28T11:35:53Z", + "pushed_at": "2022-12-28T11:35:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38139.json b/2022/CVE-2022-38139.json deleted file mode 100644 index 6c4016cbff..0000000000 --- a/2022/CVE-2022-38139.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818623, - "name": "CVE-2022-38139", - "full_name": "Live-Hack-CVE\/CVE-2022-38139", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38139", - "description": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:29:59Z", - "updated_at": "2022-12-28T00:29:59Z", - "pushed_at": "2022-12-28T00:30:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38140.json b/2022/CVE-2022-38140.json deleted file mode 100644 index 542de6ae6c..0000000000 --- a/2022/CVE-2022-38140.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833271, - "name": "CVE-2022-38140", - "full_name": "Live-Hack-CVE\/CVE-2022-38140", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38140", - "description": "Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:47Z", - "updated_at": "2022-12-28T01:54:47Z", - "pushed_at": "2022-12-28T01:54:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38145.json b/2022/CVE-2022-38145.json deleted file mode 100644 index 40ba87f81d..0000000000 --- a/2022/CVE-2022-38145.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841911, - "name": "CVE-2022-38145", - "full_name": "Live-Hack-CVE\/CVE-2022-38145", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38145", - "description": "Silverstripe silverstripe\/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:55Z", - "updated_at": "2022-12-28T02:38:55Z", - "pushed_at": "2022-12-28T02:38:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38146.json b/2022/CVE-2022-38146.json deleted file mode 100644 index 333a16078a..0000000000 --- a/2022/CVE-2022-38146.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873632, - "name": "CVE-2022-38146", - "full_name": "Live-Hack-CVE\/CVE-2022-38146", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38146", - "description": "Silverstripe silverstripe\/framework through 4.11 allows XSS (issue 2 of 3). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:32Z", - "updated_at": "2022-12-28T05:22:32Z", - "pushed_at": "2022-12-28T05:22:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38147.json b/2022/CVE-2022-38147.json deleted file mode 100644 index ed7c8dd4b0..0000000000 --- a/2022/CVE-2022-38147.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841877, - "name": "CVE-2022-38147", - "full_name": "Live-Hack-CVE\/CVE-2022-38147", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38147", - "description": "Silverstripe silverstripe\/framework through 4.11 allows XSS (issue 3 of 3). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:45Z", - "updated_at": "2022-12-28T02:38:45Z", - "pushed_at": "2022-12-28T02:38:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38148.json b/2022/CVE-2022-38148.json deleted file mode 100644 index 2f1d961d07..0000000000 --- a/2022/CVE-2022-38148.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873649, - "name": "CVE-2022-38148", - "full_name": "Live-Hack-CVE\/CVE-2022-38148", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38148", - "description": "Silverstripe silverstripe\/framework through 4.11 allows SQL Injection. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:35Z", - "updated_at": "2022-12-28T05:22:35Z", - "pushed_at": "2022-12-28T05:22:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38150.json b/2022/CVE-2022-38150.json deleted file mode 100644 index 1649e72c26..0000000000 --- a/2022/CVE-2022-38150.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848949, - "name": "CVE-2022-38150", - "full_name": "Live-Hack-CVE\/CVE-2022-38150", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38150", - "description": "In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP\/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:14Z", - "updated_at": "2022-12-28T03:15:14Z", - "pushed_at": "2022-12-28T03:15:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38163.json b/2022/CVE-2022-38163.json deleted file mode 100644 index 74544d0790..0000000000 --- a/2022/CVE-2022-38163.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848880, - "name": "CVE-2022-38163", - "full_name": "Live-Hack-CVE\/CVE-2022-38163", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38163", - "description": "A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:56Z", - "updated_at": "2022-12-28T03:14:56Z", - "pushed_at": "2022-12-28T03:14:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38164.json b/2022/CVE-2022-38164.json new file mode 100644 index 0000000000..b87076a739 --- /dev/null +++ b/2022/CVE-2022-38164.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982105, + "name": "CVE-2022-38164", + "full_name": "Live-Hack-CVE\/CVE-2022-38164", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38164", + "description": "WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:57Z", + "updated_at": "2022-12-28T12:16:57Z", + "pushed_at": "2022-12-28T12:16:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38165.json b/2022/CVE-2022-38165.json deleted file mode 100644 index 52e92efbd4..0000000000 --- a/2022/CVE-2022-38165.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873795, - "name": "CVE-2022-38165", - "full_name": "Live-Hack-CVE\/CVE-2022-38165", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38165", - "description": "Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:23Z", - "updated_at": "2022-12-28T05:23:23Z", - "pushed_at": "2022-12-28T05:23:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38166.json b/2022/CVE-2022-38166.json deleted file mode 100644 index 66cc44c012..0000000000 --- a/2022/CVE-2022-38166.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841167, - "name": "CVE-2022-38166", - "full_name": "Live-Hack-CVE\/CVE-2022-38166", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38166", - "description": "In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:17Z", - "updated_at": "2022-12-28T02:35:17Z", - "pushed_at": "2022-12-28T02:35:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38167.json b/2022/CVE-2022-38167.json new file mode 100644 index 0000000000..91773a736b --- /dev/null +++ b/2022/CVE-2022-38167.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902870, + "name": "CVE-2022-38167", + "full_name": "Live-Hack-CVE\/CVE-2022-38167", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38167", + "description": "The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:35Z", + "updated_at": "2022-12-28T07:25:35Z", + "pushed_at": "2022-12-28T07:25:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38168.json b/2022/CVE-2022-38168.json new file mode 100644 index 0000000000..a2c4c34c61 --- /dev/null +++ b/2022/CVE-2022-38168.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981586, + "name": "CVE-2022-38168", + "full_name": "Live-Hack-CVE\/CVE-2022-38168", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38168", + "description": "** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:09Z", + "updated_at": "2022-12-28T12:15:09Z", + "pushed_at": "2022-12-28T12:15:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38178.json b/2022/CVE-2022-38178.json deleted file mode 100644 index 6ac49ac03e..0000000000 --- a/2022/CVE-2022-38178.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819451, - "name": "CVE-2022-38178", - "full_name": "Live-Hack-CVE\/CVE-2022-38178", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38178", - "description": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:35Z", - "updated_at": "2022-12-28T00:34:35Z", - "pushed_at": "2022-12-28T00:34:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3818.json b/2022/CVE-2022-3818.json new file mode 100644 index 0000000000..58ba72ce1a --- /dev/null +++ b/2022/CVE-2022-3818.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948494, + "name": "CVE-2022-3818", + "full_name": "Live-Hack-CVE\/CVE-2022-3818", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3818", + "description": "An uncontrolled resource consumption issue when parsing URLs in GitLab CE\/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:51Z", + "updated_at": "2022-12-28T10:14:51Z", + "pushed_at": "2022-12-28T10:14:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38183.json b/2022/CVE-2022-38183.json new file mode 100644 index 0000000000..99dd4255bb --- /dev/null +++ b/2022/CVE-2022-38183.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922558, + "name": "CVE-2022-38183", + "full_name": "Live-Hack-CVE\/CVE-2022-38183", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38183", + "description": "In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:03Z", + "updated_at": "2022-12-28T08:42:03Z", + "pushed_at": "2022-12-28T08:42:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3819.json b/2022/CVE-2022-3819.json new file mode 100644 index 0000000000..1ebe061d04 --- /dev/null +++ b/2022/CVE-2022-3819.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948381, + "name": "CVE-2022-3819", + "full_name": "Live-Hack-CVE\/CVE-2022-3819", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3819", + "description": "An improper authorization issue in GitLab CE\/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:27Z", + "updated_at": "2022-12-28T10:14:27Z", + "pushed_at": "2022-12-28T10:14:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3821.json b/2022/CVE-2022-3821.json deleted file mode 100644 index d0dd80d1ea..0000000000 --- a/2022/CVE-2022-3821.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824771, - "name": "CVE-2022-3821", - "full_name": "Live-Hack-CVE\/CVE-2022-3821", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3821", - "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:35Z", - "updated_at": "2022-12-28T01:06:35Z", - "pushed_at": "2022-12-28T01:06:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3822.json b/2022/CVE-2022-3822.json deleted file mode 100644 index 981195ec20..0000000000 --- a/2022/CVE-2022-3822.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848241, - "name": "CVE-2022-3822", - "full_name": "Live-Hack-CVE\/CVE-2022-3822", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3822", - "description": "The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:34Z", - "updated_at": "2022-12-28T03:11:34Z", - "pushed_at": "2022-12-28T03:11:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3823.json b/2022/CVE-2022-3823.json deleted file mode 100644 index 102f7035a2..0000000000 --- a/2022/CVE-2022-3823.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848233, - "name": "CVE-2022-3823", - "full_name": "Live-Hack-CVE\/CVE-2022-3823", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3823", - "description": "The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:31Z", - "updated_at": "2022-12-28T03:11:31Z", - "pushed_at": "2022-12-28T03:11:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3824.json b/2022/CVE-2022-3824.json deleted file mode 100644 index 1abb8828e2..0000000000 --- a/2022/CVE-2022-3824.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848157, - "name": "CVE-2022-3824", - "full_name": "Live-Hack-CVE\/CVE-2022-3824", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3824", - "description": "The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:06Z", - "updated_at": "2022-12-28T03:11:06Z", - "pushed_at": "2022-12-28T03:11:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3828.json b/2022/CVE-2022-3828.json deleted file mode 100644 index 4802b6b16f..0000000000 --- a/2022/CVE-2022-3828.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848170, - "name": "CVE-2022-3828", - "full_name": "Live-Hack-CVE\/CVE-2022-3828", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3828", - "description": "The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:10Z", - "updated_at": "2022-12-28T03:11:10Z", - "pushed_at": "2022-12-28T03:11:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3831.json b/2022/CVE-2022-3831.json deleted file mode 100644 index 99af4ddd1f..0000000000 --- a/2022/CVE-2022-3831.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848143, - "name": "CVE-2022-3831", - "full_name": "Live-Hack-CVE\/CVE-2022-3831", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3831", - "description": "The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:11:03Z", - "updated_at": "2022-12-28T03:11:03Z", - "pushed_at": "2022-12-28T03:11:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3833.json b/2022/CVE-2022-3833.json deleted file mode 100644 index 7c2a2688b5..0000000000 --- a/2022/CVE-2022-3833.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848135, - "name": "CVE-2022-3833", - "full_name": "Live-Hack-CVE\/CVE-2022-3833", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3833", - "description": "The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:59Z", - "updated_at": "2022-12-28T03:10:59Z", - "pushed_at": "2022-12-28T03:11:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3834.json b/2022/CVE-2022-3834.json deleted file mode 100644 index 361f13ed80..0000000000 --- a/2022/CVE-2022-3834.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848109, - "name": "CVE-2022-3834", - "full_name": "Live-Hack-CVE\/CVE-2022-3834", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3834", - "description": "The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:52Z", - "updated_at": "2022-12-28T03:10:52Z", - "pushed_at": "2022-12-28T03:10:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38377.json b/2022/CVE-2022-38377.json deleted file mode 100644 index c682735ee7..0000000000 --- a/2022/CVE-2022-38377.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840540, - "name": "CVE-2022-38377", - "full_name": "Live-Hack-CVE\/CVE-2022-38377", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38377", - "description": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assi CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:07Z", - "updated_at": "2022-12-28T02:32:07Z", - "pushed_at": "2022-12-28T02:32:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38385.json b/2022/CVE-2022-38385.json new file mode 100644 index 0000000000..669f8321be --- /dev/null +++ b/2022/CVE-2022-38385.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892695, + "name": "CVE-2022-38385", + "full_name": "Live-Hack-CVE\/CVE-2022-38385", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38385", + "description": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:22Z", + "updated_at": "2022-12-28T06:44:22Z", + "pushed_at": "2022-12-28T06:44:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38387.json b/2022/CVE-2022-38387.json new file mode 100644 index 0000000000..95627e389d --- /dev/null +++ b/2022/CVE-2022-38387.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936003, + "name": "CVE-2022-38387", + "full_name": "Live-Hack-CVE\/CVE-2022-38387", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38387", + "description": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:48Z", + "updated_at": "2022-12-28T09:30:48Z", + "pushed_at": "2022-12-28T09:30:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3839.json b/2022/CVE-2022-3839.json deleted file mode 100644 index f0b4eaa66f..0000000000 --- a/2022/CVE-2022-3839.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848127, - "name": "CVE-2022-3839", - "full_name": "Live-Hack-CVE\/CVE-2022-3839", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3839", - "description": "The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:56Z", - "updated_at": "2022-12-28T03:10:56Z", - "pushed_at": "2022-12-28T03:10:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38390.json b/2022/CVE-2022-38390.json new file mode 100644 index 0000000000..2cebd45fa3 --- /dev/null +++ b/2022/CVE-2022-38390.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891724, + "name": "CVE-2022-38390", + "full_name": "Live-Hack-CVE\/CVE-2022-38390", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38390", + "description": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:36Z", + "updated_at": "2022-12-28T06:40:36Z", + "pushed_at": "2022-12-28T06:40:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38462.json b/2022/CVE-2022-38462.json deleted file mode 100644 index 3a9fc3d3a1..0000000000 --- a/2022/CVE-2022-38462.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865093, - "name": "CVE-2022-38462", - "full_name": "Live-Hack-CVE\/CVE-2022-38462", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38462", - "description": "Silverstripe silverstripe\/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a \/dev\/build or \/Security\/login request. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:16Z", - "updated_at": "2022-12-28T04:40:16Z", - "pushed_at": "2022-12-28T04:40:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38465.json b/2022/CVE-2022-38465.json new file mode 100644 index 0000000000..e5e9338a93 --- /dev/null +++ b/2022/CVE-2022-38465.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982507, + "name": "CVE-2022-38465", + "full_name": "Live-Hack-CVE\/CVE-2022-38465", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38465", + "description": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:16Z", + "updated_at": "2022-12-28T12:18:16Z", + "pushed_at": "2022-12-28T12:18:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3847.json b/2022/CVE-2022-3847.json deleted file mode 100644 index ba70be1981..0000000000 --- a/2022/CVE-2022-3847.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825852, - "name": "CVE-2022-3847", - "full_name": "Live-Hack-CVE\/CVE-2022-3847", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3847", - "description": "The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:12:51Z", - "updated_at": "2022-12-28T01:12:51Z", - "pushed_at": "2022-12-28T01:12:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3848.json b/2022/CVE-2022-3848.json deleted file mode 100644 index fa9f70a35f..0000000000 --- a/2022/CVE-2022-3848.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825801, - "name": "CVE-2022-3848", - "full_name": "Live-Hack-CVE\/CVE-2022-3848", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3848", - "description": "The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:12:37Z", - "updated_at": "2022-12-28T01:12:37Z", - "pushed_at": "2022-12-28T01:12:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3849.json b/2022/CVE-2022-3849.json deleted file mode 100644 index 2782a1f4ec..0000000000 --- a/2022/CVE-2022-3849.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825811, - "name": "CVE-2022-3849", - "full_name": "Live-Hack-CVE\/CVE-2022-3849", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3849", - "description": "The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:12:41Z", - "updated_at": "2022-12-28T01:12:41Z", - "pushed_at": "2022-12-28T01:12:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3850.json b/2022/CVE-2022-3850.json deleted file mode 100644 index a46c24a700..0000000000 --- a/2022/CVE-2022-3850.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848099, - "name": "CVE-2022-3850", - "full_name": "Live-Hack-CVE\/CVE-2022-3850", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3850", - "description": "The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:49Z", - "updated_at": "2022-12-28T03:10:49Z", - "pushed_at": "2022-12-28T03:10:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38537.json b/2022/CVE-2022-38537.json new file mode 100644 index 0000000000..1a28496045 --- /dev/null +++ b/2022/CVE-2022-38537.json @@ -0,0 +1,31 @@ +[ + { + "id": 582983237, + "name": "CVE-2022-38537", + "full_name": "Live-Hack-CVE\/CVE-2022-38537", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38537", + "description": "Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:20:54Z", + "updated_at": "2022-12-28T12:20:54Z", + "pushed_at": "2022-12-28T12:20:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38577.json b/2022/CVE-2022-38577.json new file mode 100644 index 0000000000..5d4016f98b --- /dev/null +++ b/2022/CVE-2022-38577.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936468, + "name": "CVE-2022-38577", + "full_name": "Live-Hack-CVE\/CVE-2022-38577", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38577", + "description": "ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:28Z", + "updated_at": "2022-12-28T09:32:28Z", + "pushed_at": "2022-12-28T09:32:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38582.json b/2022/CVE-2022-38582.json new file mode 100644 index 0000000000..d7cbc488b0 --- /dev/null +++ b/2022/CVE-2022-38582.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981621, + "name": "CVE-2022-38582", + "full_name": "Live-Hack-CVE\/CVE-2022-38582", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38582", + "description": "Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:16Z", + "updated_at": "2022-12-28T12:15:16Z", + "pushed_at": "2022-12-28T12:15:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3859.json b/2022/CVE-2022-3859.json deleted file mode 100644 index 56ed971f92..0000000000 --- a/2022/CVE-2022-3859.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832617, - "name": "CVE-2022-3859", - "full_name": "Live-Hack-CVE\/CVE-2022-3859", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3859", - "description": "An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:17Z", - "updated_at": "2022-12-28T01:51:17Z", - "pushed_at": "2022-12-28T01:51:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3861.json b/2022/CVE-2022-3861.json deleted file mode 100644 index b6488b8e82..0000000000 --- a/2022/CVE-2022-3861.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841774, - "name": "CVE-2022-3861", - "full_name": "Live-Hack-CVE\/CVE-2022-3861", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3861", - "description": "The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsingle CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:17Z", - "updated_at": "2022-12-28T02:38:17Z", - "pushed_at": "2022-12-28T02:38:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38649.json b/2022/CVE-2022-38649.json deleted file mode 100644 index 8989a904cd..0000000000 --- a/2022/CVE-2022-38649.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849663, - "name": "CVE-2022-38649", - "full_name": "Live-Hack-CVE\/CVE-2022-38649", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38649", - "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider ver CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:53Z", - "updated_at": "2022-12-28T03:18:53Z", - "pushed_at": "2022-12-28T03:18:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3865.json b/2022/CVE-2022-3865.json deleted file mode 100644 index 8aa8bc1108..0000000000 --- a/2022/CVE-2022-3865.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825792, - "name": "CVE-2022-3865", - "full_name": "Live-Hack-CVE\/CVE-2022-3865", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3865", - "description": "The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:12:34Z", - "updated_at": "2022-12-28T01:12:34Z", - "pushed_at": "2022-12-28T01:12:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38650.json b/2022/CVE-2022-38650.json new file mode 100644 index 0000000000..998e432555 --- /dev/null +++ b/2022/CVE-2022-38650.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913636, + "name": "CVE-2022-38650", + "full_name": "Live-Hack-CVE\/CVE-2022-38650", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38650", + "description": "** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic serv CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:51Z", + "updated_at": "2022-12-28T08:07:51Z", + "pushed_at": "2022-12-28T08:07:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38651.json b/2022/CVE-2022-38651.json new file mode 100644 index 0000000000..658e8aa172 --- /dev/null +++ b/2022/CVE-2022-38651.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913652, + "name": "CVE-2022-38651", + "full_name": "Live-Hack-CVE\/CVE-2022-38651", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38651", + "description": "** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer sup CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:55Z", + "updated_at": "2022-12-28T08:07:55Z", + "pushed_at": "2022-12-28T08:07:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38652.json b/2022/CVE-2022-38652.json new file mode 100644 index 0000000000..a53aa75ffc --- /dev/null +++ b/2022/CVE-2022-38652.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913672, + "name": "CVE-2022-38652", + "full_name": "Live-Hack-CVE\/CVE-2022-38652", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38652", + "description": "** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyper CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:59Z", + "updated_at": "2022-12-28T08:07:59Z", + "pushed_at": "2022-12-28T08:08:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3866.json b/2022/CVE-2022-3866.json new file mode 100644 index 0000000000..301b68149f --- /dev/null +++ b/2022/CVE-2022-3866.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936755, + "name": "CVE-2022-3866", + "full_name": "Live-Hack-CVE\/CVE-2022-3866", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3866", + "description": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad\/ that belong to other jobs in the same namespace. Fixed in 1.4.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:37Z", + "updated_at": "2022-12-28T09:33:37Z", + "pushed_at": "2022-12-28T09:33:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3867.json b/2022/CVE-2022-3867.json new file mode 100644 index 0000000000..5cea52ad83 --- /dev/null +++ b/2022/CVE-2022-3867.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936739, + "name": "CVE-2022-3867", + "full_name": "Live-Hack-CVE\/CVE-2022-3867", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3867", + "description": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:33Z", + "updated_at": "2022-12-28T09:33:34Z", + "pushed_at": "2022-12-28T09:33:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3868.json b/2022/CVE-2022-3868.json new file mode 100644 index 0000000000..20803d7eb8 --- /dev/null +++ b/2022/CVE-2022-3868.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982593, + "name": "CVE-2022-3868", + "full_name": "Live-Hack-CVE\/CVE-2022-3868", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3868", + "description": "A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file \/php-sms\/classes\/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been dis CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:36Z", + "updated_at": "2022-12-28T12:18:36Z", + "pushed_at": "2022-12-28T12:18:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3869.json b/2022/CVE-2022-3869.json new file mode 100644 index 0000000000..493bf21b08 --- /dev/null +++ b/2022/CVE-2022-3869.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982578, + "name": "CVE-2022-3869", + "full_name": "Live-Hack-CVE\/CVE-2022-3869", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3869", + "description": "Code Injection in GitHub repository froxlor\/froxlor prior to 0.10.38.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:32Z", + "updated_at": "2022-12-28T12:18:32Z", + "pushed_at": "2022-12-28T12:18:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38705.json b/2022/CVE-2022-38705.json new file mode 100644 index 0000000000..c56806f393 --- /dev/null +++ b/2022/CVE-2022-38705.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914669, + "name": "CVE-2022-38705", + "full_name": "Live-Hack-CVE\/CVE-2022-38705", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38705", + "description": "IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:11:45Z", + "updated_at": "2022-12-28T08:11:45Z", + "pushed_at": "2022-12-28T08:11:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38724.json b/2022/CVE-2022-38724.json deleted file mode 100644 index bc07ee59d3..0000000000 --- a/2022/CVE-2022-38724.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857453, - "name": "CVE-2022-38724", - "full_name": "Live-Hack-CVE\/CVE-2022-38724", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38724", - "description": "Silverstripe silverstripe\/framework through 4.11.0, silverstripe\/assets through 1.11.0, and silverstripe\/asset-admin through 1.11.0 allow XSS. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:11Z", - "updated_at": "2022-12-28T04:00:11Z", - "pushed_at": "2022-12-28T04:00:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3873.json b/2022/CVE-2022-3873.json new file mode 100644 index 0000000000..e2da7b0645 --- /dev/null +++ b/2022/CVE-2022-3873.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982820, + "name": "CVE-2022-3873", + "full_name": "Live-Hack-CVE\/CVE-2022-3873", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3873", + "description": "Cross-site Scripting (XSS) - DOM in GitHub repository jgraph\/drawio prior to 20.5.2. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:26Z", + "updated_at": "2022-12-28T12:19:26Z", + "pushed_at": "2022-12-28T12:19:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38753.json b/2022/CVE-2022-38753.json deleted file mode 100644 index 860e40635a..0000000000 --- a/2022/CVE-2022-38753.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832465, - "name": "CVE-2022-38753", - "full_name": "Live-Hack-CVE\/CVE-2022-38753", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38753", - "description": "This update resolves a multi-factor authentication bypass attack CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:25Z", - "updated_at": "2022-12-28T01:50:25Z", - "pushed_at": "2022-12-28T01:50:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38755.json b/2022/CVE-2022-38755.json deleted file mode 100644 index cb1c58e0d3..0000000000 --- a/2022/CVE-2022-38755.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865101, - "name": "CVE-2022-38755", - "full_name": "Live-Hack-CVE\/CVE-2022-38755", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38755", - "description": "A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:19Z", - "updated_at": "2022-12-28T04:40:19Z", - "pushed_at": "2022-12-28T04:40:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38767.json b/2022/CVE-2022-38767.json deleted file mode 100644 index af9b7905b8..0000000000 --- a/2022/CVE-2022-38767.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840501, - "name": "CVE-2022-38767", - "full_name": "Live-Hack-CVE\/CVE-2022-38767", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38767", - "description": "An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:57Z", - "updated_at": "2022-12-28T02:31:57Z", - "pushed_at": "2022-12-28T02:31:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3878.json b/2022/CVE-2022-3878.json new file mode 100644 index 0000000000..3b57a9e90f --- /dev/null +++ b/2022/CVE-2022-3878.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969178, + "name": "CVE-2022-3878", + "full_name": "Live-Hack-CVE\/CVE-2022-3878", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3878", + "description": "A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file \/index.php\/purchase_order\/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be u CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:50Z", + "updated_at": "2022-12-28T11:30:50Z", + "pushed_at": "2022-12-28T11:30:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-38801.json b/2022/CVE-2022-38801.json deleted file mode 100644 index 3c921236b6..0000000000 --- a/2022/CVE-2022-38801.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832502, - "name": "CVE-2022-38801", - "full_name": "Live-Hack-CVE\/CVE-2022-38801", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38801", - "description": "In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:39Z", - "updated_at": "2022-12-28T01:50:39Z", - "pushed_at": "2022-12-28T01:50:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38802.json b/2022/CVE-2022-38802.json deleted file mode 100644 index a84a5ed928..0000000000 --- a/2022/CVE-2022-38802.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832294, - "name": "CVE-2022-38802", - "full_name": "Live-Hack-CVE\/CVE-2022-38802", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38802", - "description": "Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:33Z", - "updated_at": "2022-12-28T01:49:33Z", - "pushed_at": "2022-12-28T01:49:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38803.json b/2022/CVE-2022-38803.json deleted file mode 100644 index fc50f55153..0000000000 --- a/2022/CVE-2022-38803.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832305, - "name": "CVE-2022-38803", - "full_name": "Live-Hack-CVE\/CVE-2022-38803", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38803", - "description": "Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:36Z", - "updated_at": "2022-12-28T01:49:37Z", - "pushed_at": "2022-12-28T01:49:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38813.json b/2022/CVE-2022-38813.json deleted file mode 100644 index 07e398e19b..0000000000 --- a/2022/CVE-2022-38813.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848484, - "name": "CVE-2022-38813", - "full_name": "Live-Hack-CVE\/CVE-2022-38813", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38813", - "description": "PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin\/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:50Z", - "updated_at": "2022-12-28T03:12:50Z", - "pushed_at": "2022-12-28T03:12:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38871.json b/2022/CVE-2022-38871.json deleted file mode 100644 index 9d496bb036..0000000000 --- a/2022/CVE-2022-38871.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864263, - "name": "CVE-2022-38871", - "full_name": "Live-Hack-CVE\/CVE-2022-38871", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38871", - "description": "In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:35:56Z", - "updated_at": "2022-12-28T04:35:57Z", - "pushed_at": "2022-12-28T04:35:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-38900.json b/2022/CVE-2022-38900.json deleted file mode 100644 index d7e09d3c0b..0000000000 --- a/2022/CVE-2022-38900.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833735, - "name": "CVE-2022-38900", - "full_name": "Live-Hack-CVE\/CVE-2022-38900", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-38900", - "description": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:07Z", - "updated_at": "2022-12-28T01:57:07Z", - "pushed_at": "2022-12-28T01:57:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3893.json b/2022/CVE-2022-3893.json new file mode 100644 index 0000000000..fabdd66463 --- /dev/null +++ b/2022/CVE-2022-3893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922777, + "name": "CVE-2022-3893", + "full_name": "Live-Hack-CVE\/CVE-2022-3893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3893", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:53Z", + "updated_at": "2022-12-28T08:42:53Z", + "pushed_at": "2022-12-28T08:42:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3895.json b/2022/CVE-2022-3895.json new file mode 100644 index 0000000000..970ae24cea --- /dev/null +++ b/2022/CVE-2022-3895.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922788, + "name": "CVE-2022-3895", + "full_name": "Live-Hack-CVE\/CVE-2022-3895", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3895", + "description": "Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:56Z", + "updated_at": "2022-12-28T08:42:56Z", + "pushed_at": "2022-12-28T08:42:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3896.json b/2022/CVE-2022-3896.json deleted file mode 100644 index 9c48c1072f..0000000000 --- a/2022/CVE-2022-3896.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839787, - "name": "CVE-2022-3896", - "full_name": "Live-Hack-CVE\/CVE-2022-3896", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3896", - "description": "The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER[\"REQUEST_URI\"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:22Z", - "updated_at": "2022-12-28T02:28:22Z", - "pushed_at": "2022-12-28T02:28:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3897.json b/2022/CVE-2022-3897.json deleted file mode 100644 index 8c11b99ae3..0000000000 --- a/2022/CVE-2022-3897.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839819, - "name": "CVE-2022-3897", - "full_name": "Live-Hack-CVE\/CVE-2022-3897", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3897", - "description": "The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to in CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:33Z", - "updated_at": "2022-12-28T02:28:33Z", - "pushed_at": "2022-12-28T02:28:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3898.json b/2022/CVE-2022-3898.json deleted file mode 100644 index e97a384999..0000000000 --- a/2022/CVE-2022-3898.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839808, - "name": "CVE-2022-3898", - "full_name": "Live-Hack-CVE\/CVE-2022-3898", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3898", - "description": "The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate rec CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:29Z", - "updated_at": "2022-12-28T02:28:29Z", - "pushed_at": "2022-12-28T02:28:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39028.json b/2022/CVE-2022-39028.json deleted file mode 100644 index 6a72601be5..0000000000 --- a/2022/CVE-2022-39028.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848942, - "name": "CVE-2022-39028", - "full_name": "Live-Hack-CVE\/CVE-2022-39028", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39028", - "description": "telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many cras CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:11Z", - "updated_at": "2022-12-28T03:15:11Z", - "pushed_at": "2022-12-28T03:15:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3903.json b/2022/CVE-2022-3903.json new file mode 100644 index 0000000000..2a2d3c8c89 --- /dev/null +++ b/2022/CVE-2022-3903.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902945, + "name": "CVE-2022-3903", + "full_name": "Live-Hack-CVE\/CVE-2022-3903", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3903", + "description": "An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:50Z", + "updated_at": "2022-12-28T07:25:50Z", + "pushed_at": "2022-12-28T07:25:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39036.json b/2022/CVE-2022-39036.json new file mode 100644 index 0000000000..43fb2e9c39 --- /dev/null +++ b/2022/CVE-2022-39036.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936776, + "name": "CVE-2022-39036", + "full_name": "Live-Hack-CVE\/CVE-2022-39036", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39036", + "description": "The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:40Z", + "updated_at": "2022-12-28T09:33:40Z", + "pushed_at": "2022-12-28T09:33:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39037.json b/2022/CVE-2022-39037.json new file mode 100644 index 0000000000..e26b6f754c --- /dev/null +++ b/2022/CVE-2022-39037.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936716, + "name": "CVE-2022-39037", + "full_name": "Live-Hack-CVE\/CVE-2022-39037", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39037", + "description": "Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:25Z", + "updated_at": "2022-12-28T09:33:25Z", + "pushed_at": "2022-12-28T09:33:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39038.json b/2022/CVE-2022-39038.json new file mode 100644 index 0000000000..0d88b1556d --- /dev/null +++ b/2022/CVE-2022-39038.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936700, + "name": "CVE-2022-39038", + "full_name": "Live-Hack-CVE\/CVE-2022-39038", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39038", + "description": "Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:22Z", + "updated_at": "2022-12-28T09:33:22Z", + "pushed_at": "2022-12-28T09:33:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39066.json b/2022/CVE-2022-39066.json deleted file mode 100644 index 5e9afc9655..0000000000 --- a/2022/CVE-2022-39066.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582842076, - "name": "CVE-2022-39066", - "full_name": "Live-Hack-CVE\/CVE-2022-39066", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39066", - "description": "There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:39:38Z", - "updated_at": "2022-12-28T02:39:38Z", - "pushed_at": "2022-12-28T02:39:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39067.json b/2022/CVE-2022-39067.json deleted file mode 100644 index eeed3203c9..0000000000 --- a/2022/CVE-2022-39067.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582842058, - "name": "CVE-2022-39067", - "full_name": "Live-Hack-CVE\/CVE-2022-39067", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39067", - "description": "There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:39:35Z", - "updated_at": "2022-12-28T02:39:35Z", - "pushed_at": "2022-12-28T02:39:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39069.json b/2022/CVE-2022-39069.json new file mode 100644 index 0000000000..29f9ce7a34 --- /dev/null +++ b/2022/CVE-2022-39069.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969906, + "name": "CVE-2022-39069", + "full_name": "Live-Hack-CVE\/CVE-2022-39069", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39069", + "description": "There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:27Z", + "updated_at": "2022-12-28T11:33:27Z", + "pushed_at": "2022-12-28T11:33:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39070.json b/2022/CVE-2022-39070.json deleted file mode 100644 index e831b01904..0000000000 --- a/2022/CVE-2022-39070.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856897, - "name": "CVE-2022-39070", - "full_name": "Live-Hack-CVE\/CVE-2022-39070", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39070", - "description": "There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:15Z", - "updated_at": "2022-12-28T03:57:15Z", - "pushed_at": "2022-12-28T03:57:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3910.json b/2022/CVE-2022-3910.json deleted file mode 100644 index eaeea5531f..0000000000 --- a/2022/CVE-2022-3910.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864583, - "name": "CVE-2022-3910", - "full_name": "Live-Hack-CVE\/CVE-2022-3910", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3910", - "description": "Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-Afte CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:35Z", - "updated_at": "2022-12-28T04:37:35Z", - "pushed_at": "2022-12-28T04:37:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39135.json b/2022/CVE-2022-39135.json deleted file mode 100644 index 347aa362cc..0000000000 --- a/2022/CVE-2022-39135.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873959, - "name": "CVE-2022-39135", - "full_name": "Live-Hack-CVE\/CVE-2022-39135", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39135", - "description": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typical CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:10Z", - "updated_at": "2022-12-28T05:24:10Z", - "pushed_at": "2022-12-28T05:24:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39157.json b/2022/CVE-2022-39157.json new file mode 100644 index 0000000000..0814c11433 --- /dev/null +++ b/2022/CVE-2022-39157.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981364, + "name": "CVE-2022-39157", + "full_name": "Live-Hack-CVE\/CVE-2022-39157", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39157", + "description": "A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V3 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:26Z", + "updated_at": "2022-12-28T12:14:26Z", + "pushed_at": "2022-12-28T12:14:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39158.json b/2022/CVE-2022-39158.json new file mode 100644 index 0000000000..7e34ee4b59 --- /dev/null +++ b/2022/CVE-2022-39158.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982517, + "name": "CVE-2022-39158", + "full_name": "Live-Hack-CVE\/CVE-2022-39158", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39158", + "description": "A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All versions), RUGGEDCOM ROS RMC8388 V4.X (All versions), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RP110 V4.X (All versions), RUGGEDCOM ROS RS1600 V4.X (All versions), RUGGEDCOM ROS RS1600F V4.X (All versions), RUGGEDCOM ROS RS160 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:19Z", + "updated_at": "2022-12-28T12:18:19Z", + "pushed_at": "2022-12-28T12:18:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39173.json b/2022/CVE-2022-39173.json deleted file mode 100644 index 7bd9712f68..0000000000 --- a/2022/CVE-2022-39173.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819476, - "name": "CVE-2022-39173", - "full_name": "Live-Hack-CVE\/CVE-2022-39173", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39173", - "description": "In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher sui CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:45Z", - "updated_at": "2022-12-28T00:34:45Z", - "pushed_at": "2022-12-28T00:34:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39178.json b/2022/CVE-2022-39178.json deleted file mode 100644 index 9d3d7aceb5..0000000000 --- a/2022/CVE-2022-39178.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873805, - "name": "CVE-2022-39178", - "full_name": "Live-Hack-CVE\/CVE-2022-39178", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39178", - "description": "Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:26Z", - "updated_at": "2022-12-28T05:23:26Z", - "pushed_at": "2022-12-28T05:23:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39179.json b/2022/CVE-2022-39179.json new file mode 100644 index 0000000000..de70bf602b --- /dev/null +++ b/2022/CVE-2022-39179.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891899, + "name": "CVE-2022-39179", + "full_name": "Live-Hack-CVE\/CVE-2022-39179", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39179", + "description": "College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:15Z", + "updated_at": "2022-12-28T06:41:15Z", + "pushed_at": "2022-12-28T06:41:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39180.json b/2022/CVE-2022-39180.json new file mode 100644 index 0000000000..353745f970 --- /dev/null +++ b/2022/CVE-2022-39180.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891863, + "name": "CVE-2022-39180", + "full_name": "Live-Hack-CVE\/CVE-2022-39180", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39180", + "description": "College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:08Z", + "updated_at": "2022-12-28T06:41:08Z", + "pushed_at": "2022-12-28T06:41:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39181.json b/2022/CVE-2022-39181.json deleted file mode 100644 index 33fa5a5525..0000000000 --- a/2022/CVE-2022-39181.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865388, - "name": "CVE-2022-39181", - "full_name": "Live-Hack-CVE\/CVE-2022-39181", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39181", - "description": "GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:51Z", - "updated_at": "2022-12-28T04:41:51Z", - "pushed_at": "2022-12-28T04:41:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39199.json b/2022/CVE-2022-39199.json deleted file mode 100644 index a6b59da200..0000000000 --- a/2022/CVE-2022-39199.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863821, - "name": "CVE-2022-39199", - "full_name": "Live-Hack-CVE\/CVE-2022-39199", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39199", - "description": "immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value re CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:48Z", - "updated_at": "2022-12-28T04:33:48Z", - "pushed_at": "2022-12-28T04:33:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3920.json b/2022/CVE-2022-3920.json new file mode 100644 index 0000000000..2dd08a58b8 --- /dev/null +++ b/2022/CVE-2022-3920.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891173, + "name": "CVE-2022-3920", + "full_name": "Live-Hack-CVE\/CVE-2022-3920", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3920", + "description": "HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:22Z", + "updated_at": "2022-12-28T06:38:22Z", + "pushed_at": "2022-12-28T06:38:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39209.json b/2022/CVE-2022-39209.json new file mode 100644 index 0000000000..3709d8ffb1 --- /dev/null +++ b/2022/CVE-2022-39209.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947311, + "name": "CVE-2022-39209", + "full_name": "Live-Hack-CVE\/CVE-2022-39209", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39209", + "description": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `pyth CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:48Z", + "updated_at": "2022-12-28T10:10:48Z", + "pushed_at": "2022-12-28T10:10:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39222.json b/2022/CVE-2022-39222.json deleted file mode 100644 index ff567bb891..0000000000 --- a/2022/CVE-2022-39222.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819120, - "name": "CVE-2022-39222", - "full_name": "Live-Hack-CVE\/CVE-2022-39222", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39222", - "description": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerab CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:32:40Z", - "updated_at": "2022-12-28T00:32:40Z", - "pushed_at": "2022-12-28T00:32:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39237.json b/2022/CVE-2022-39237.json new file mode 100644 index 0000000000..2b648b7eb4 --- /dev/null +++ b/2022/CVE-2022-39237.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935144, + "name": "CVE-2022-39237", + "full_name": "Live-Hack-CVE\/CVE-2022-39237", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39237", + "description": "syslabs\/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com\/sylabs\/sif\/v2\/pkg\/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the modul CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:03Z", + "updated_at": "2022-12-28T09:28:03Z", + "pushed_at": "2022-12-28T09:28:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39244.json b/2022/CVE-2022-39244.json new file mode 100644 index 0000000000..595a5443e6 --- /dev/null +++ b/2022/CVE-2022-39244.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959696, + "name": "CVE-2022-39244", + "full_name": "Live-Hack-CVE\/CVE-2022-39244", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39244", + "description": "PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:50Z", + "updated_at": "2022-12-28T10:55:50Z", + "pushed_at": "2022-12-28T10:55:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39250.json b/2022/CVE-2022-39250.json deleted file mode 100644 index 7532457993..0000000000 --- a/2022/CVE-2022-39250.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819327, - "name": "CVE-2022-39250", - "full_name": "Live-Hack-CVE\/CVE-2022-39250", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39250", - "description": "Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identiti CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:45Z", - "updated_at": "2022-12-28T00:33:45Z", - "pushed_at": "2022-12-28T00:33:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39251.json b/2022/CVE-2022-39251.json deleted file mode 100644 index 041c7ab155..0000000000 --- a/2022/CVE-2022-39251.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819316, - "name": "CVE-2022-39251", - "full_name": "Live-Hack-CVE\/CVE-2022-39251", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39251", - "description": "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooper CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:42Z", - "updated_at": "2022-12-28T00:33:42Z", - "pushed_at": "2022-12-28T00:33:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39264.json b/2022/CVE-2022-39264.json deleted file mode 100644 index 479afdc770..0000000000 --- a/2022/CVE-2022-39264.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849884, - "name": "CVE-2022-39264", - "full_name": "Live-Hack-CVE\/CVE-2022-39264", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39264", - "description": "nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:55Z", - "updated_at": "2022-12-28T03:19:55Z", - "pushed_at": "2022-12-28T03:19:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39265.json b/2022/CVE-2022-39265.json deleted file mode 100644 index 2c5ce26ddd..0000000000 --- a/2022/CVE-2022-39265.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582825162, - "name": "CVE-2022-39265", - "full_name": "Live-Hack-CVE\/CVE-2022-39265", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39265", - "description": "MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requ CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:08:50Z", - "updated_at": "2022-12-28T01:08:50Z", - "pushed_at": "2022-12-28T01:08:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39269.json b/2022/CVE-2022-39269.json new file mode 100644 index 0000000000..f5bc8f3a20 --- /dev/null +++ b/2022/CVE-2022-39269.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959713, + "name": "CVE-2022-39269", + "full_name": "Live-Hack-CVE\/CVE-2022-39269", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39269", + "description": "PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch i CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:53Z", + "updated_at": "2022-12-28T11:01:15Z", + "pushed_at": "2022-12-28T10:55:59Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39270.json b/2022/CVE-2022-39270.json new file mode 100644 index 0000000000..d9b7612b44 --- /dev/null +++ b/2022/CVE-2022-39270.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959658, + "name": "CVE-2022-39270", + "full_name": "Live-Hack-CVE\/CVE-2022-39270", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39270", + "description": "DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:42Z", + "updated_at": "2022-12-28T10:55:43Z", + "pushed_at": "2022-12-28T10:55:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39275.json b/2022/CVE-2022-39275.json new file mode 100644 index 0000000000..0cb5d3184e --- /dev/null +++ b/2022/CVE-2022-39275.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935202, + "name": "CVE-2022-39275", + "full_name": "Live-Hack-CVE\/CVE-2022-39275", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39275", + "description": "Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating data CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:28:14Z", + "updated_at": "2022-12-28T09:28:14Z", + "pushed_at": "2022-12-28T09:28:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39280.json b/2022/CVE-2022-39280.json new file mode 100644 index 0000000000..cc8936ddf8 --- /dev/null +++ b/2022/CVE-2022-39280.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959511, + "name": "CVE-2022-39280", + "full_name": "Live-Hack-CVE\/CVE-2022-39280", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39280", + "description": "dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users ar CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:10Z", + "updated_at": "2022-12-28T10:55:10Z", + "pushed_at": "2022-12-28T10:55:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39286.json b/2022/CVE-2022-39286.json new file mode 100644 index 0000000000..ffc105b94f --- /dev/null +++ b/2022/CVE-2022-39286.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913023, + "name": "CVE-2022-39286", + "full_name": "Live-Hack-CVE\/CVE-2022-39286", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39286", + "description": "Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:35Z", + "updated_at": "2022-12-28T08:05:35Z", + "pushed_at": "2022-12-28T08:05:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39299.json b/2022/CVE-2022-39299.json new file mode 100644 index 0000000000..21d5578745 --- /dev/null +++ b/2022/CVE-2022-39299.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946252, + "name": "CVE-2022-39299", + "full_name": "Live-Hack-CVE\/CVE-2022-39299", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39299", + "description": "Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:19Z", + "updated_at": "2022-12-28T10:07:19Z", + "pushed_at": "2022-12-28T10:07:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39325.json b/2022/CVE-2022-39325.json deleted file mode 100644 index c0d61e5eda..0000000000 --- a/2022/CVE-2022-39325.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840051, - "name": "CVE-2022-39325", - "full_name": "Live-Hack-CVE\/CVE-2022-39325", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39325", - "description": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:48Z", - "updated_at": "2022-12-28T02:29:48Z", - "pushed_at": "2022-12-28T02:29:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39331.json b/2022/CVE-2022-39331.json deleted file mode 100644 index d8834f84ee..0000000000 --- a/2022/CVE-2022-39331.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840527, - "name": "CVE-2022-39331", - "full_name": "Live-Hack-CVE\/CVE-2022-39331", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39331", - "description": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:04Z", - "updated_at": "2022-12-28T02:32:04Z", - "pushed_at": "2022-12-28T02:32:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39332.json b/2022/CVE-2022-39332.json deleted file mode 100644 index a53f9a43f4..0000000000 --- a/2022/CVE-2022-39332.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840037, - "name": "CVE-2022-39332", - "full_name": "Live-Hack-CVE\/CVE-2022-39332", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39332", - "description": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:45Z", - "updated_at": "2022-12-28T02:29:45Z", - "pushed_at": "2022-12-28T02:29:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39333.json b/2022/CVE-2022-39333.json deleted file mode 100644 index abe05f6dfa..0000000000 --- a/2022/CVE-2022-39333.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840022, - "name": "CVE-2022-39333", - "full_name": "Live-Hack-CVE\/CVE-2022-39333", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39333", - "description": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:41Z", - "updated_at": "2022-12-28T02:29:41Z", - "pushed_at": "2022-12-28T02:29:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39334.json b/2022/CVE-2022-39334.json deleted file mode 100644 index bbcaf2d49f..0000000000 --- a/2022/CVE-2022-39334.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840462, - "name": "CVE-2022-39334", - "full_name": "Live-Hack-CVE\/CVE-2022-39334", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39334", - "description": "Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. Th CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:46Z", - "updated_at": "2022-12-28T02:31:46Z", - "pushed_at": "2022-12-28T02:31:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39338.json b/2022/CVE-2022-39338.json deleted file mode 100644 index 837440ea93..0000000000 --- a/2022/CVE-2022-39338.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833653, - "name": "CVE-2022-39338", - "full_name": "Live-Hack-CVE\/CVE-2022-39338", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39338", - "description": "user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been show CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:43Z", - "updated_at": "2022-12-28T01:56:44Z", - "pushed_at": "2022-12-28T01:56:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39339.json b/2022/CVE-2022-39339.json deleted file mode 100644 index dce316b723..0000000000 --- a/2022/CVE-2022-39339.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833665, - "name": "CVE-2022-39339", - "full_name": "Live-Hack-CVE\/CVE-2022-39339", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39339", - "description": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:47Z", - "updated_at": "2022-12-28T01:56:47Z", - "pushed_at": "2022-12-28T01:56:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39343.json b/2022/CVE-2022-39343.json new file mode 100644 index 0000000000..86f5016782 --- /dev/null +++ b/2022/CVE-2022-39343.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960146, + "name": "CVE-2022-39343", + "full_name": "Live-Hack-CVE\/CVE-2022-39343", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39343", + "description": "Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with corre CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:13Z", + "updated_at": "2022-12-28T10:57:13Z", + "pushed_at": "2022-12-28T10:57:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39348.json b/2022/CVE-2022-39348.json deleted file mode 100644 index 63d8f2d591..0000000000 --- a/2022/CVE-2022-39348.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857151, - "name": "CVE-2022-39348", - "full_name": "Live-Hack-CVE\/CVE-2022-39348", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39348", - "description": "Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In pr CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:33Z", - "updated_at": "2022-12-28T03:58:33Z", - "pushed_at": "2022-12-28T03:58:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39352.json b/2022/CVE-2022-39352.json new file mode 100644 index 0000000000..b6552d70d6 --- /dev/null +++ b/2022/CVE-2022-39352.json @@ -0,0 +1,31 @@ +[ + { + "id": 582960283, + "name": "CVE-2022-39352", + "full_name": "Live-Hack-CVE\/CVE-2022-39352", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39352", + "description": "OpenFGA is a high-performance authorization\/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a †CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:57:46Z", + "updated_at": "2022-12-28T10:57:46Z", + "pushed_at": "2022-12-28T10:57:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39368.json b/2022/CVE-2022-39368.json new file mode 100644 index 0000000000..fc945940df --- /dev/null +++ b/2022/CVE-2022-39368.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902481, + "name": "CVE-2022-39368", + "full_name": "Live-Hack-CVE\/CVE-2022-39368", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39368", + "description": "Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:02Z", + "updated_at": "2022-12-28T07:24:02Z", + "pushed_at": "2022-12-28T07:24:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39369.json b/2022/CVE-2022-39369.json new file mode 100644 index 0000000000..d9555029c5 --- /dev/null +++ b/2022/CVE-2022-39369.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946998, + "name": "CVE-2022-39369", + "full_name": "Live-Hack-CVE\/CVE-2022-39369", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39369", + "description": "phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted f CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:46Z", + "updated_at": "2022-12-28T10:09:46Z", + "pushed_at": "2022-12-28T10:09:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39377.json b/2022/CVE-2022-39377.json deleted file mode 100644 index 06674d38ca..0000000000 --- a/2022/CVE-2022-39377.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872621, - "name": "CVE-2022-39377", - "full_name": "Live-Hack-CVE\/CVE-2022-39377", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39377", - "description": "sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:26Z", - "updated_at": "2022-12-28T05:18:26Z", - "pushed_at": "2022-12-28T05:18:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39385.json b/2022/CVE-2022-39385.json new file mode 100644 index 0000000000..a0dbe0e684 --- /dev/null +++ b/2022/CVE-2022-39385.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902889, + "name": "CVE-2022-39385", + "full_name": "Live-Hack-CVE\/CVE-2022-39385", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39385", + "description": "Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been resolved in commit `a4145 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:39Z", + "updated_at": "2022-12-28T07:25:39Z", + "pushed_at": "2022-12-28T07:25:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39386.json b/2022/CVE-2022-39386.json new file mode 100644 index 0000000000..811bda44d9 --- /dev/null +++ b/2022/CVE-2022-39386.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970332, + "name": "CVE-2022-39386", + "full_name": "Live-Hack-CVE\/CVE-2022-39386", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39386", + "description": "@fastify\/websocket provides WebSocket support for Fastify. Any application using @fastify\/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and vers CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:53Z", + "updated_at": "2022-12-28T11:34:54Z", + "pushed_at": "2022-12-28T11:34:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39388.json b/2022/CVE-2022-39388.json new file mode 100644 index 0000000000..e16f6ec278 --- /dev/null +++ b/2022/CVE-2022-39388.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936117, + "name": "CVE-2022-39388", + "full_name": "Live-Hack-CVE\/CVE-2022-39388", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39388", + "description": "Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known wor CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:12Z", + "updated_at": "2022-12-28T09:31:12Z", + "pushed_at": "2022-12-28T09:31:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39389.json b/2022/CVE-2022-39389.json deleted file mode 100644 index c7ed57061c..0000000000 --- a/2022/CVE-2022-39389.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872713, - "name": "CVE-2022-39389", - "full_name": "Live-Hack-CVE\/CVE-2022-39389", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39389", - "description": "Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, a CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:56Z", - "updated_at": "2022-12-28T05:18:56Z", - "pushed_at": "2022-12-28T05:18:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3939.json b/2022/CVE-2022-3939.json new file mode 100644 index 0000000000..51374da28f --- /dev/null +++ b/2022/CVE-2022-3939.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935725, + "name": "CVE-2022-3939", + "full_name": "Live-Hack-CVE\/CVE-2022-3939", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3939", + "description": "A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis\/public\/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:00Z", + "updated_at": "2022-12-28T09:30:00Z", + "pushed_at": "2022-12-28T09:30:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39392.json b/2022/CVE-2022-39392.json new file mode 100644 index 0000000000..ee3717152b --- /dev/null +++ b/2022/CVE-2022-39392.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935564, + "name": "CVE-2022-39392", + "full_name": "Live-Hack-CVE\/CVE-2022-39392", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39392", + "description": "Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memo CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:24Z", + "updated_at": "2022-12-28T09:29:24Z", + "pushed_at": "2022-12-28T09:29:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39393.json b/2022/CVE-2022-39393.json new file mode 100644 index 0000000000..19113bac08 --- /dev/null +++ b/2022/CVE-2022-39393.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912210, + "name": "CVE-2022-39393", + "full_name": "Live-Hack-CVE\/CVE-2022-39393", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39393", + "description": "Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:34Z", + "updated_at": "2022-12-28T08:02:34Z", + "pushed_at": "2022-12-28T08:02:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39394.json b/2022/CVE-2022-39394.json new file mode 100644 index 0000000000..2d1ef7507c --- /dev/null +++ b/2022/CVE-2022-39394.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934208, + "name": "CVE-2022-39394", + "full_name": "Live-Hack-CVE\/CVE-2022-39394", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39394", + "description": "Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime\/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:05Z", + "updated_at": "2022-12-28T09:25:05Z", + "pushed_at": "2022-12-28T09:25:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39395.json b/2022/CVE-2022-39395.json new file mode 100644 index 0000000000..b1876862b2 --- /dev/null +++ b/2022/CVE-2022-39395.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912177, + "name": "CVE-2022-39395", + "full_name": "Live-Hack-CVE\/CVE-2022-39395", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39395", + "description": "Vela is a Pipeline Automation (CI\/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worke CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:27Z", + "updated_at": "2022-12-28T08:02:27Z", + "pushed_at": "2022-12-28T08:02:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39396.json b/2022/CVE-2022-39396.json new file mode 100644 index 0000000000..b1f17f6898 --- /dev/null +++ b/2022/CVE-2022-39396.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948148, + "name": "CVE-2022-39396", + "full_name": "Live-Hack-CVE\/CVE-2022-39396", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39396", + "description": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:40Z", + "updated_at": "2022-12-28T10:13:40Z", + "pushed_at": "2022-12-28T10:13:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39397.json b/2022/CVE-2022-39397.json deleted file mode 100644 index 05c6b6db02..0000000000 --- a/2022/CVE-2022-39397.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857438, - "name": "CVE-2022-39397", - "full_name": "Live-Hack-CVE\/CVE-2022-39397", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39397", - "description": "aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:08Z", - "updated_at": "2022-12-28T04:00:08Z", - "pushed_at": "2022-12-28T04:00:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39398.json b/2022/CVE-2022-39398.json new file mode 100644 index 0000000000..e1ddd37748 --- /dev/null +++ b/2022/CVE-2022-39398.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948288, + "name": "CVE-2022-39398", + "full_name": "Live-Hack-CVE\/CVE-2022-39398", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39398", + "description": "tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:14:09Z", + "updated_at": "2022-12-28T10:14:09Z", + "pushed_at": "2022-12-28T10:14:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3940.json b/2022/CVE-2022-3940.json new file mode 100644 index 0000000000..953af6f26c --- /dev/null +++ b/2022/CVE-2022-3940.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935706, + "name": "CVE-2022-3940", + "full_name": "Live-Hack-CVE\/CVE-2022-3940", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3940", + "description": "A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis\/process\/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:56Z", + "updated_at": "2022-12-28T09:29:56Z", + "pushed_at": "2022-12-28T09:29:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3941.json b/2022/CVE-2022-3941.json new file mode 100644 index 0000000000..bce4c2d2d3 --- /dev/null +++ b/2022/CVE-2022-3941.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890978, + "name": "CVE-2022-3941", + "full_name": "Live-Hack-CVE\/CVE-2022-3941", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3941", + "description": "A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been di CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:38Z", + "updated_at": "2022-12-28T06:37:38Z", + "pushed_at": "2022-12-28T06:37:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3942.json b/2022/CVE-2022-3942.json new file mode 100644 index 0000000000..895a8d962c --- /dev/null +++ b/2022/CVE-2022-3942.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935692, + "name": "CVE-2022-3942", + "full_name": "Live-Hack-CVE\/CVE-2022-3942", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3942", + "description": "A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms\/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:52Z", + "updated_at": "2022-12-28T09:29:52Z", + "pushed_at": "2022-12-28T09:29:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3943.json b/2022/CVE-2022-3943.json new file mode 100644 index 0000000000..19c79ed20b --- /dev/null +++ b/2022/CVE-2022-3943.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935673, + "name": "CVE-2022-3943", + "full_name": "Live-Hack-CVE\/CVE-2022-3943", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3943", + "description": "A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:49Z", + "updated_at": "2022-12-28T09:29:49Z", + "pushed_at": "2022-12-28T09:29:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3944.json b/2022/CVE-2022-3944.json new file mode 100644 index 0000000000..0953baf6f4 --- /dev/null +++ b/2022/CVE-2022-3944.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935632, + "name": "CVE-2022-3944", + "full_name": "Live-Hack-CVE\/CVE-2022-3944", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3944", + "description": "A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application\/controllers\/basedata\/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:38Z", + "updated_at": "2022-12-28T09:29:38Z", + "pushed_at": "2022-12-28T09:29:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3945.json b/2022/CVE-2022-3945.json new file mode 100644 index 0000000000..b6393f1804 --- /dev/null +++ b/2022/CVE-2022-3945.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925350, + "name": "CVE-2022-3945", + "full_name": "Live-Hack-CVE\/CVE-2022-3945", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3945", + "description": "Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita\/kavita prior to 0.6.0.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:34Z", + "updated_at": "2022-12-28T08:52:34Z", + "pushed_at": "2022-12-28T08:52:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3947.json b/2022/CVE-2022-3947.json new file mode 100644 index 0000000000..af88c423fa --- /dev/null +++ b/2022/CVE-2022-3947.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935801, + "name": "CVE-2022-3947", + "full_name": "Live-Hack-CVE\/CVE-2022-3947", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3947", + "description": "A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file \/balance\/service\/list. The manipulation of the argument route\/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:12Z", + "updated_at": "2022-12-28T09:30:12Z", + "pushed_at": "2022-12-28T09:30:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3948.json b/2022/CVE-2022-3948.json new file mode 100644 index 0000000000..5a25c3ddc0 --- /dev/null +++ b/2022/CVE-2022-3948.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935822, + "name": "CVE-2022-3948", + "full_name": "Live-Hack-CVE\/CVE-2022-3948", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3948", + "description": "A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file \/plugin\/getList. The manipulation of the argument route\/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-2134 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:16Z", + "updated_at": "2022-12-28T09:30:16Z", + "pushed_at": "2022-12-28T09:30:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3949.json b/2022/CVE-2022-3949.json new file mode 100644 index 0000000000..42c555674e --- /dev/null +++ b/2022/CVE-2022-3949.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936135, + "name": "CVE-2022-3949", + "full_name": "Live-Hack-CVE\/CVE-2022-3949", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3949", + "description": "A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:16Z", + "updated_at": "2022-12-28T09:31:16Z", + "pushed_at": "2022-12-28T09:31:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3950.json b/2022/CVE-2022-3950.json new file mode 100644 index 0000000000..62c54be30c --- /dev/null +++ b/2022/CVE-2022-3950.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935774, + "name": "CVE-2022-3950", + "full_name": "Live-Hack-CVE\/CVE-2022-3950", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3950", + "description": "A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf2628 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:09Z", + "updated_at": "2022-12-28T09:30:09Z", + "pushed_at": "2022-12-28T09:30:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3952.json b/2022/CVE-2022-3952.json new file mode 100644 index 0000000000..2fe34c72f0 --- /dev/null +++ b/2022/CVE-2022-3952.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936029, + "name": "CVE-2022-3952", + "full_name": "Live-Hack-CVE\/CVE-2022-3952", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3952", + "description": "A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:52Z", + "updated_at": "2022-12-28T09:30:52Z", + "pushed_at": "2022-12-28T09:30:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3955.json b/2022/CVE-2022-3955.json new file mode 100644 index 0000000000..d5371e6f30 --- /dev/null +++ b/2022/CVE-2022-3955.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925245, + "name": "CVE-2022-3955", + "full_name": "Live-Hack-CVE\/CVE-2022-3955", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3955", + "description": "A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\\class\\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to t CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:14Z", + "updated_at": "2022-12-28T08:52:14Z", + "pushed_at": "2022-12-28T08:52:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3956.json b/2022/CVE-2022-3956.json new file mode 100644 index 0000000000..59c099c99e --- /dev/null +++ b/2022/CVE-2022-3956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925213, + "name": "CVE-2022-3956", + "full_name": "Live-Hack-CVE\/CVE-2022-3956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3956", + "description": "A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-2134 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:07Z", + "updated_at": "2022-12-28T08:52:08Z", + "pushed_at": "2022-12-28T08:52:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3957.json b/2022/CVE-2022-3957.json new file mode 100644 index 0000000000..f30f66a8df --- /dev/null +++ b/2022/CVE-2022-3957.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925196, + "name": "CVE-2022-3957", + "full_name": "Live-Hack-CVE\/CVE-2022-3957", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3957", + "description": "A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph\/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:04Z", + "updated_at": "2022-12-28T08:52:04Z", + "pushed_at": "2022-12-28T08:52:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3958.json b/2022/CVE-2022-3958.json new file mode 100644 index 0000000000..f4387d005d --- /dev/null +++ b/2022/CVE-2022-3958.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922808, + "name": "CVE-2022-3958", + "full_name": "Live-Hack-CVE\/CVE-2022-3958", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3958", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:00Z", + "updated_at": "2022-12-28T08:43:00Z", + "pushed_at": "2022-12-28T08:43:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3959.json b/2022/CVE-2022-3959.json new file mode 100644 index 0000000000..985d1cc965 --- /dev/null +++ b/2022/CVE-2022-3959.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925182, + "name": "CVE-2022-3959", + "full_name": "Live-Hack-CVE\/CVE-2022-3959", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3959", + "description": "A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to addre CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:52:00Z", + "updated_at": "2022-12-28T08:52:00Z", + "pushed_at": "2022-12-28T08:52:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3963.json b/2022/CVE-2022-3963.json new file mode 100644 index 0000000000..16035e32f4 --- /dev/null +++ b/2022/CVE-2022-3963.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903391, + "name": "CVE-2022-3963", + "full_name": "Live-Hack-CVE\/CVE-2022-3963", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3963", + "description": "A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs\/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 i CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:40Z", + "updated_at": "2022-12-28T07:27:40Z", + "pushed_at": "2022-12-28T07:27:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3964.json b/2022/CVE-2022-3964.json new file mode 100644 index 0000000000..6f7911c4df --- /dev/null +++ b/2022/CVE-2022-3964.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902788, + "name": "CVE-2022-3964", + "full_name": "Live-Hack-CVE\/CVE-2022-3964", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3964", + "description": "A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec\/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 9 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:14Z", + "updated_at": "2022-12-28T07:25:14Z", + "pushed_at": "2022-12-28T07:25:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3965.json b/2022/CVE-2022-3965.json new file mode 100644 index 0000000000..45630fe4c1 --- /dev/null +++ b/2022/CVE-2022-3965.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902768, + "name": "CVE-2022-3965", + "full_name": "Live-Hack-CVE\/CVE-2022-3965", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3965", + "description": "A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec\/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:11Z", + "updated_at": "2022-12-28T07:25:11Z", + "pushed_at": "2022-12-28T07:25:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3966.json b/2022/CVE-2022-3966.json new file mode 100644 index 0000000000..19b4f86b21 --- /dev/null +++ b/2022/CVE-2022-3966.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912146, + "name": "CVE-2022-3966", + "full_name": "Live-Hack-CVE\/CVE-2022-3966", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3966", + "description": "A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes\/core\/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be ini CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:19Z", + "updated_at": "2022-12-28T08:02:19Z", + "pushed_at": "2022-12-28T08:02:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3967.json b/2022/CVE-2022-3967.json new file mode 100644 index 0000000000..35b8e2893c --- /dev/null +++ b/2022/CVE-2022-3967.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902803, + "name": "CVE-2022-3967", + "full_name": "Live-Hack-CVE\/CVE-2022-3967", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3967", + "description": "A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func\/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:18Z", + "updated_at": "2022-12-28T07:25:18Z", + "pushed_at": "2022-12-28T07:25:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3968.json b/2022/CVE-2022-3968.json new file mode 100644 index 0000000000..84d6e1561a --- /dev/null +++ b/2022/CVE-2022-3968.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902839, + "name": "CVE-2022-3968", + "full_name": "Live-Hack-CVE\/CVE-2022-3968", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3968", + "description": "A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin\/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:28Z", + "updated_at": "2022-12-28T07:25:28Z", + "pushed_at": "2022-12-28T07:25:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3969.json b/2022/CVE-2022-3969.json new file mode 100644 index 0000000000..d4ff374205 --- /dev/null +++ b/2022/CVE-2022-3969.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903069, + "name": "CVE-2022-3969", + "full_name": "Live-Hack-CVE\/CVE-2022-3969", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3969", + "description": "A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src\/main\/java\/com\/openkm\/util\/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:21Z", + "updated_at": "2022-12-28T07:26:21Z", + "pushed_at": "2022-12-28T07:26:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3971.json b/2022/CVE-2022-3971.json new file mode 100644 index 0000000000..1725b96980 --- /dev/null +++ b/2022/CVE-2022-3971.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903157, + "name": "CVE-2022-3971", + "full_name": "Live-Hack-CVE\/CVE-2022-3971", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3971", + "description": "A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src\/datastore\/postgres\/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The na CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:26:42Z", + "updated_at": "2022-12-28T07:26:42Z", + "pushed_at": "2022-12-28T07:26:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3972.json b/2022/CVE-2022-3972.json new file mode 100644 index 0000000000..aa325519b2 --- /dev/null +++ b/2022/CVE-2022-3972.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902860, + "name": "CVE-2022-3972", + "full_name": "Live-Hack-CVE\/CVE-2022-3972", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3972", + "description": "A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin\/adminlogin.php. The manipulation of the argument uname\/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:32Z", + "updated_at": "2022-12-28T07:25:32Z", + "pushed_at": "2022-12-28T07:25:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3973.json b/2022/CVE-2022-3973.json new file mode 100644 index 0000000000..ec08b18547 --- /dev/null +++ b/2022/CVE-2022-3973.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902823, + "name": "CVE-2022-3973", + "full_name": "Live-Hack-CVE\/CVE-2022-3973", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3973", + "description": "A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file \/admin\/admin.php of the component Data Pump Metadata. The manipulation of the argument uname\/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:25Z", + "updated_at": "2022-12-28T07:25:25Z", + "pushed_at": "2022-12-28T07:25:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3974.json b/2022/CVE-2022-3974.json new file mode 100644 index 0000000000..6c8ebfb7bf --- /dev/null +++ b/2022/CVE-2022-3974.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902812, + "name": "CVE-2022-3974", + "full_name": "Live-Hack-CVE\/CVE-2022-3974", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3974", + "description": "A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:21Z", + "updated_at": "2022-12-28T07:25:21Z", + "pushed_at": "2022-12-28T07:25:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3975.json b/2022/CVE-2022-3975.json new file mode 100644 index 0000000000..028afa1b32 --- /dev/null +++ b/2022/CVE-2022-3975.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890944, + "name": "CVE-2022-3975", + "full_name": "Live-Hack-CVE\/CVE-2022-3975", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3975", + "description": "A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor\/vinades\/nukeviet\/Core\/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be lau CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:31Z", + "updated_at": "2022-12-28T06:37:31Z", + "pushed_at": "2022-12-28T06:37:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3976.json b/2022/CVE-2022-3976.json new file mode 100644 index 0000000000..73eec5da27 --- /dev/null +++ b/2022/CVE-2022-3976.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890887, + "name": "CVE-2022-3976", + "full_name": "Live-Hack-CVE\/CVE-2022-3976", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3976", + "description": "A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src\/mms\/iso_mms\/client\/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:17Z", + "updated_at": "2022-12-28T06:37:17Z", + "pushed_at": "2022-12-28T06:37:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3978.json b/2022/CVE-2022-3978.json new file mode 100644 index 0000000000..76162f8a0a --- /dev/null +++ b/2022/CVE-2022-3978.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890875, + "name": "CVE-2022-3978", + "full_name": "Live-Hack-CVE\/CVE-2022-3978", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3978", + "description": "A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file \/register\/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:14Z", + "updated_at": "2022-12-28T06:37:14Z", + "pushed_at": "2022-12-28T06:37:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3979.json b/2022/CVE-2022-3979.json new file mode 100644 index 0000000000..a747da750b --- /dev/null +++ b/2022/CVE-2022-3979.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890836, + "name": "CVE-2022-3979", + "full_name": "Live-Hack-CVE\/CVE-2022-3979", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3979", + "description": "A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share\/server\/core\/classes\/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to versi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:03Z", + "updated_at": "2022-12-28T06:37:03Z", + "pushed_at": "2022-12-28T06:37:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3980.json b/2022/CVE-2022-3980.json new file mode 100644 index 0000000000..df14d64832 --- /dev/null +++ b/2022/CVE-2022-3980.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901798, + "name": "CVE-2022-3980", + "full_name": "Live-Hack-CVE\/CVE-2022-3980", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3980", + "description": "An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:21Z", + "updated_at": "2022-12-28T07:21:21Z", + "pushed_at": "2022-12-28T07:21:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39800.json b/2022/CVE-2022-39800.json new file mode 100644 index 0000000000..3512dfced0 --- /dev/null +++ b/2022/CVE-2022-39800.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959498, + "name": "CVE-2022-39800", + "full_name": "Live-Hack-CVE\/CVE-2022-39800", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39800", + "description": "SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidential CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:06Z", + "updated_at": "2022-12-28T10:55:06Z", + "pushed_at": "2022-12-28T10:55:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39833.json b/2022/CVE-2022-39833.json deleted file mode 100644 index 53176b97f3..0000000000 --- a/2022/CVE-2022-39833.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841653, - "name": "CVE-2022-39833", - "full_name": "Live-Hack-CVE\/CVE-2022-39833", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39833", - "description": "FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:42Z", - "updated_at": "2022-12-28T02:37:42Z", - "pushed_at": "2022-12-28T02:37:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39834.json b/2022/CVE-2022-39834.json new file mode 100644 index 0000000000..5577ee9160 --- /dev/null +++ b/2022/CVE-2022-39834.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901947, + "name": "CVE-2022-39834", + "full_name": "Live-Hack-CVE\/CVE-2022-39834", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39834", + "description": "A stored XSS vulnerability was discovered in adminweb\/ra\/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:52Z", + "updated_at": "2022-12-28T07:21:52Z", + "pushed_at": "2022-12-28T07:21:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39879.json b/2022/CVE-2022-39879.json new file mode 100644 index 0000000000..b2ea3c1a2a --- /dev/null +++ b/2022/CVE-2022-39879.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958176, + "name": "CVE-2022-39879", + "full_name": "Live-Hack-CVE\/CVE-2022-39879", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39879", + "description": "Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:11Z", + "updated_at": "2022-12-28T10:50:11Z", + "pushed_at": "2022-12-28T10:50:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3988.json b/2022/CVE-2022-3988.json new file mode 100644 index 0000000000..629fdce3b1 --- /dev/null +++ b/2022/CVE-2022-3988.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923718, + "name": "CVE-2022-3988", + "full_name": "Live-Hack-CVE\/CVE-2022-3988", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3988", + "description": "A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe\/templates\/includes\/navbar\/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:29Z", + "updated_at": "2022-12-28T08:46:29Z", + "pushed_at": "2022-12-28T08:46:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39880.json b/2022/CVE-2022-39880.json new file mode 100644 index 0000000000..df73d6c301 --- /dev/null +++ b/2022/CVE-2022-39880.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958190, + "name": "CVE-2022-39880", + "full_name": "Live-Hack-CVE\/CVE-2022-39880", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39880", + "description": "Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:16Z", + "updated_at": "2022-12-28T10:50:16Z", + "pushed_at": "2022-12-28T10:50:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39881.json b/2022/CVE-2022-39881.json new file mode 100644 index 0000000000..2c6966bdaf --- /dev/null +++ b/2022/CVE-2022-39881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958237, + "name": "CVE-2022-39881", + "full_name": "Live-Hack-CVE\/CVE-2022-39881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39881", + "description": "Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:26Z", + "updated_at": "2022-12-28T10:50:26Z", + "pushed_at": "2022-12-28T10:50:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39882.json b/2022/CVE-2022-39882.json new file mode 100644 index 0000000000..6d3ab5e4f1 --- /dev/null +++ b/2022/CVE-2022-39882.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958199, + "name": "CVE-2022-39882", + "full_name": "Live-Hack-CVE\/CVE-2022-39882", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39882", + "description": "Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:19Z", + "updated_at": "2022-12-28T10:50:19Z", + "pushed_at": "2022-12-28T10:50:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39883.json b/2022/CVE-2022-39883.json new file mode 100644 index 0000000000..63f374a923 --- /dev/null +++ b/2022/CVE-2022-39883.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958106, + "name": "CVE-2022-39883", + "full_name": "Live-Hack-CVE\/CVE-2022-39883", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39883", + "description": "Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:57Z", + "updated_at": "2022-12-28T10:49:57Z", + "pushed_at": "2022-12-28T10:49:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39884.json b/2022/CVE-2022-39884.json new file mode 100644 index 0000000000..2a3bdc57ec --- /dev/null +++ b/2022/CVE-2022-39884.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958125, + "name": "CVE-2022-39884", + "full_name": "Live-Hack-CVE\/CVE-2022-39884", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39884", + "description": "Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:01Z", + "updated_at": "2022-12-28T10:50:01Z", + "pushed_at": "2022-12-28T10:50:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39885.json b/2022/CVE-2022-39885.json new file mode 100644 index 0000000000..2df00b7314 --- /dev/null +++ b/2022/CVE-2022-39885.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958144, + "name": "CVE-2022-39885", + "full_name": "Live-Hack-CVE\/CVE-2022-39885", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39885", + "description": "Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:05Z", + "updated_at": "2022-12-28T10:50:05Z", + "pushed_at": "2022-12-28T10:50:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39886.json b/2022/CVE-2022-39886.json new file mode 100644 index 0000000000..97711aa9fe --- /dev/null +++ b/2022/CVE-2022-39886.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958489, + "name": "CVE-2022-39886", + "full_name": "Live-Hack-CVE\/CVE-2022-39886", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39886", + "description": "Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:21Z", + "updated_at": "2022-12-28T10:51:21Z", + "pushed_at": "2022-12-28T10:51:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39887.json b/2022/CVE-2022-39887.json new file mode 100644 index 0000000000..4613988e67 --- /dev/null +++ b/2022/CVE-2022-39887.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958046, + "name": "CVE-2022-39887", + "full_name": "Live-Hack-CVE\/CVE-2022-39887", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39887", + "description": "Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:43Z", + "updated_at": "2022-12-28T10:49:43Z", + "pushed_at": "2022-12-28T10:49:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39889.json b/2022/CVE-2022-39889.json new file mode 100644 index 0000000000..201b4deb8e --- /dev/null +++ b/2022/CVE-2022-39889.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947858, + "name": "CVE-2022-39889", + "full_name": "Live-Hack-CVE\/CVE-2022-39889", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39889", + "description": "Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:40Z", + "updated_at": "2022-12-28T10:12:40Z", + "pushed_at": "2022-12-28T10:12:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39890.json b/2022/CVE-2022-39890.json new file mode 100644 index 0000000000..11b1a617ed --- /dev/null +++ b/2022/CVE-2022-39890.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958026, + "name": "CVE-2022-39890", + "full_name": "Live-Hack-CVE\/CVE-2022-39890", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39890", + "description": "Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:49:39Z", + "updated_at": "2022-12-28T10:49:39Z", + "pushed_at": "2022-12-28T10:49:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39891.json b/2022/CVE-2022-39891.json new file mode 100644 index 0000000000..9e8a6d1b32 --- /dev/null +++ b/2022/CVE-2022-39891.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947601, + "name": "CVE-2022-39891", + "full_name": "Live-Hack-CVE\/CVE-2022-39891", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39891", + "description": "Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:46Z", + "updated_at": "2022-12-28T10:11:46Z", + "pushed_at": "2022-12-28T10:11:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39892.json b/2022/CVE-2022-39892.json new file mode 100644 index 0000000000..e921c0344b --- /dev/null +++ b/2022/CVE-2022-39892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957562, + "name": "CVE-2022-39892", + "full_name": "Live-Hack-CVE\/CVE-2022-39892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39892", + "description": "Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:48:00Z", + "updated_at": "2022-12-28T10:48:00Z", + "pushed_at": "2022-12-28T10:48:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39893.json b/2022/CVE-2022-39893.json new file mode 100644 index 0000000000..4c6858a16f --- /dev/null +++ b/2022/CVE-2022-39893.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957548, + "name": "CVE-2022-39893", + "full_name": "Live-Hack-CVE\/CVE-2022-39893", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39893", + "description": "Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:56Z", + "updated_at": "2022-12-28T10:47:56Z", + "pushed_at": "2022-12-28T10:47:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3991.json b/2022/CVE-2022-3991.json deleted file mode 100644 index 38bcfd8289..0000000000 --- a/2022/CVE-2022-3991.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839842, - "name": "CVE-2022-3991", - "full_name": "Live-Hack-CVE\/CVE-2022-3991", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3991", - "description": "The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-lev CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:40Z", - "updated_at": "2022-12-28T02:28:40Z", - "pushed_at": "2022-12-28T02:28:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3992.json b/2022/CVE-2022-3992.json new file mode 100644 index 0000000000..aa5a49fa14 --- /dev/null +++ b/2022/CVE-2022-3992.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902228, + "name": "CVE-2022-3992", + "full_name": "Live-Hack-CVE\/CVE-2022-3992", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3992", + "description": "A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin\/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:56Z", + "updated_at": "2022-12-28T07:22:56Z", + "pushed_at": "2022-12-28T07:22:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3993.json b/2022/CVE-2022-3993.json new file mode 100644 index 0000000000..c94670fe02 --- /dev/null +++ b/2022/CVE-2022-3993.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902350, + "name": "CVE-2022-3993", + "full_name": "Live-Hack-CVE\/CVE-2022-3993", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3993", + "description": "Authentication Bypass by Primary Weakness in GitHub repository kareadita\/kavita prior to 0.6.0.3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:28Z", + "updated_at": "2022-12-28T07:23:28Z", + "pushed_at": "2022-12-28T07:23:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3995.json b/2022/CVE-2022-3995.json deleted file mode 100644 index 6e71091607..0000000000 --- a/2022/CVE-2022-3995.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833949, - "name": "CVE-2022-3995", - "full_name": "Live-Hack-CVE\/CVE-2022-3995", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3995", - "description": "The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permission CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:11Z", - "updated_at": "2022-12-28T01:58:11Z", - "pushed_at": "2022-12-28T01:58:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-39955.json b/2022/CVE-2022-39955.json new file mode 100644 index 0000000000..aaf1be6ed5 --- /dev/null +++ b/2022/CVE-2022-39955.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947088, + "name": "CVE-2022-39955", + "full_name": "Live-Hack-CVE\/CVE-2022-39955", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39955", + "description": "The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type \"charset\" names and therefore bypa CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:04Z", + "updated_at": "2022-12-28T10:10:04Z", + "pushed_at": "2022-12-28T10:10:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39956.json b/2022/CVE-2022-39956.json new file mode 100644 index 0000000000..4def8e6315 --- /dev/null +++ b/2022/CVE-2022-39956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947209, + "name": "CVE-2022-39956", + "full_name": "Live-Hack-CVE\/CVE-2022-39956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39956", + "description": "The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web app CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:30Z", + "updated_at": "2022-12-28T10:10:30Z", + "pushed_at": "2022-12-28T10:10:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39957.json b/2022/CVE-2022-39957.json new file mode 100644 index 0000000000..dc7c4fa7f2 --- /dev/null +++ b/2022/CVE-2022-39957.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947230, + "name": "CVE-2022-39957", + "full_name": "Live-Hack-CVE\/CVE-2022-39957", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39957", + "description": "The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional \"charset\" parameter in order to receive the response in an encoded form. Depending on the \"charset\", this response can not be decoded by the web application firewall. A CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:34Z", + "updated_at": "2022-12-28T10:10:34Z", + "pushed_at": "2022-12-28T10:10:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-39958.json b/2022/CVE-2022-39958.json new file mode 100644 index 0000000000..3ec8732053 --- /dev/null +++ b/2022/CVE-2022-39958.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947241, + "name": "CVE-2022-39958", + "full_name": "Live-Hack-CVE\/CVE-2022-39958", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-39958", + "description": "The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:38Z", + "updated_at": "2022-12-28T10:10:38Z", + "pushed_at": "2022-12-28T10:10:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-3997.json b/2022/CVE-2022-3997.json deleted file mode 100644 index 14ec8a8f00..0000000000 --- a/2022/CVE-2022-3997.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873168, - "name": "CVE-2022-3997", - "full_name": "Live-Hack-CVE\/CVE-2022-3997", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3997", - "description": "A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email\/lozinka\/ime\/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:36Z", - "updated_at": "2022-12-28T05:20:36Z", - "pushed_at": "2022-12-28T05:20:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-3998.json b/2022/CVE-2022-3998.json deleted file mode 100644 index e14e6d55e9..0000000000 --- a/2022/CVE-2022-3998.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873154, - "name": "CVE-2022-3998", - "full_name": "Live-Hack-CVE\/CVE-2022-3998", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-3998", - "description": "A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The as CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:32Z", - "updated_at": "2022-12-28T05:20:32Z", - "pushed_at": "2022-12-28T05:20:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4006.json b/2022/CVE-2022-4006.json new file mode 100644 index 0000000000..b7c494d987 --- /dev/null +++ b/2022/CVE-2022-4006.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891451, + "name": "CVE-2022-4006", + "full_name": "Live-Hack-CVE\/CVE-2022-4006", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4006", + "description": "A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce\/framework\/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authenticatio CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:33Z", + "updated_at": "2022-12-28T06:39:33Z", + "pushed_at": "2022-12-28T06:39:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4011.json b/2022/CVE-2022-4011.json new file mode 100644 index 0000000000..88d3a8a6c5 --- /dev/null +++ b/2022/CVE-2022-4011.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891009, + "name": "CVE-2022-4011", + "full_name": "Live-Hack-CVE\/CVE-2022-4011", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4011", + "description": "A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been dis CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:45Z", + "updated_at": "2022-12-28T06:37:45Z", + "pushed_at": "2022-12-28T06:37:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4012.json b/2022/CVE-2022-4012.json new file mode 100644 index 0000000000..a8affa1433 --- /dev/null +++ b/2022/CVE-2022-4012.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912612, + "name": "CVE-2022-4012", + "full_name": "Live-Hack-CVE\/CVE-2022-4012", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4012", + "description": "A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VD CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:07Z", + "updated_at": "2022-12-28T08:04:07Z", + "pushed_at": "2022-12-28T08:04:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40127.json b/2022/CVE-2022-40127.json new file mode 100644 index 0000000000..2734fb5da3 --- /dev/null +++ b/2022/CVE-2022-40127.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923761, + "name": "CVE-2022-40127", + "full_name": "Live-Hack-CVE\/CVE-2022-40127", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40127", + "description": "A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:40Z", + "updated_at": "2022-12-28T08:46:40Z", + "pushed_at": "2022-12-28T08:46:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40128.json b/2022/CVE-2022-40128.json new file mode 100644 index 0000000000..0872bf1c31 --- /dev/null +++ b/2022/CVE-2022-40128.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970541, + "name": "CVE-2022-40128", + "full_name": "Live-Hack-CVE\/CVE-2022-40128", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40128", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:42Z", + "updated_at": "2022-12-28T11:35:42Z", + "pushed_at": "2022-12-28T11:35:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40129.json b/2022/CVE-2022-40129.json deleted file mode 100644 index 069cc11562..0000000000 --- a/2022/CVE-2022-40129.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873593, - "name": "CVE-2022-40129", - "full_name": "Live-Hack-CVE\/CVE-2022-40129", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40129", - "description": "A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:22Z", - "updated_at": "2022-12-28T05:22:22Z", - "pushed_at": "2022-12-28T05:22:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4013.json b/2022/CVE-2022-4013.json new file mode 100644 index 0000000000..f3094b2e01 --- /dev/null +++ b/2022/CVE-2022-4013.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912629, + "name": "CVE-2022-4013", + "full_name": "Live-Hack-CVE\/CVE-2022-4013", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4013", + "description": "A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be us CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:10Z", + "updated_at": "2022-12-28T08:04:10Z", + "pushed_at": "2022-12-28T08:04:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4014.json b/2022/CVE-2022-4014.json new file mode 100644 index 0000000000..8676f4d8c7 --- /dev/null +++ b/2022/CVE-2022-4014.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890928, + "name": "CVE-2022-4014", + "full_name": "Live-Hack-CVE\/CVE-2022-4014", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4014", + "description": "A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:27Z", + "updated_at": "2022-12-28T06:37:27Z", + "pushed_at": "2022-12-28T06:37:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4015.json b/2022/CVE-2022-4015.json new file mode 100644 index 0000000000..3155fab710 --- /dev/null +++ b/2022/CVE-2022-4015.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890899, + "name": "CVE-2022-4015", + "full_name": "Live-Hack-CVE\/CVE-2022-4015", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4015", + "description": "A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin\/make_payments.php. The manipulation of the argument m_id\/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:20Z", + "updated_at": "2022-12-28T06:37:21Z", + "pushed_at": "2022-12-28T06:37:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40152.json b/2022/CVE-2022-40152.json deleted file mode 100644 index c9e4515213..0000000000 --- a/2022/CVE-2022-40152.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864145, - "name": "CVE-2022-40152", - "full_name": "Live-Hack-CVE\/CVE-2022-40152", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40152", - "description": "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:35:24Z", - "updated_at": "2022-12-28T04:35:24Z", - "pushed_at": "2022-12-28T04:35:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40159.json b/2022/CVE-2022-40159.json new file mode 100644 index 0000000000..f9d29e0c1a --- /dev/null +++ b/2022/CVE-2022-40159.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958249, + "name": "CVE-2022-40159", + "full_name": "Live-Hack-CVE\/CVE-2022-40159", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40159", + "description": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:29Z", + "updated_at": "2022-12-28T10:50:29Z", + "pushed_at": "2022-12-28T10:50:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40160.json b/2022/CVE-2022-40160.json new file mode 100644 index 0000000000..8bf582eae5 --- /dev/null +++ b/2022/CVE-2022-40160.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935651, + "name": "CVE-2022-40160", + "full_name": "Live-Hack-CVE\/CVE-2022-40160", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40160", + "description": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:43Z", + "updated_at": "2022-12-28T09:29:44Z", + "pushed_at": "2022-12-28T09:29:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4018.json b/2022/CVE-2022-4018.json new file mode 100644 index 0000000000..1244be6809 --- /dev/null +++ b/2022/CVE-2022-4018.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901819, + "name": "CVE-2022-4018", + "full_name": "Live-Hack-CVE\/CVE-2022-4018", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4018", + "description": "Missing Authentication for Critical Function in GitHub repository ikus060\/rdiffweb prior to 2.5.0a6. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:24Z", + "updated_at": "2022-12-28T07:21:24Z", + "pushed_at": "2022-12-28T07:21:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40186.json b/2022/CVE-2022-40186.json new file mode 100644 index 0000000000..66db4073ca --- /dev/null +++ b/2022/CVE-2022-40186.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947069, + "name": "CVE-2022-40186", + "full_name": "Live-Hack-CVE\/CVE-2022-40186", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40186", + "description": "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assi CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:10:01Z", + "updated_at": "2022-12-28T10:10:01Z", + "pushed_at": "2022-12-28T10:10:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40189.json b/2022/CVE-2022-40189.json deleted file mode 100644 index 248c70fc33..0000000000 --- a/2022/CVE-2022-40189.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849645, - "name": "CVE-2022-40189", - "full_name": "Live-Hack-CVE\/CVE-2022-40189", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40189", - "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:49Z", - "updated_at": "2022-12-28T03:18:49Z", - "pushed_at": "2022-12-28T03:18:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4019.json b/2022/CVE-2022-4019.json deleted file mode 100644 index 928e7a0e45..0000000000 --- a/2022/CVE-2022-4019.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863715, - "name": "CVE-2022-4019", - "full_name": "Live-Hack-CVE\/CVE-2022-4019", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4019", - "description": "A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:24Z", - "updated_at": "2022-12-28T04:33:24Z", - "pushed_at": "2022-12-28T04:33:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40192.json b/2022/CVE-2022-40192.json deleted file mode 100644 index 52d9c3b64b..0000000000 --- a/2022/CVE-2022-40192.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873817, - "name": "CVE-2022-40192", - "full_name": "Live-Hack-CVE\/CVE-2022-40192", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40192", - "description": "Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:29Z", - "updated_at": "2022-12-28T05:23:29Z", - "pushed_at": "2022-12-28T05:23:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4020.json b/2022/CVE-2022-4020.json deleted file mode 100644 index 70477d2799..0000000000 --- a/2022/CVE-2022-4020.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833749, - "name": "CVE-2022-4020", - "full_name": "Live-Hack-CVE\/CVE-2022-4020", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4020", - "description": "Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:10Z", - "updated_at": "2022-12-28T01:57:10Z", - "pushed_at": "2022-12-28T01:57:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40200.json b/2022/CVE-2022-40200.json deleted file mode 100644 index 5060bf62d6..0000000000 --- a/2022/CVE-2022-40200.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873830, - "name": "CVE-2022-40200", - "full_name": "Live-Hack-CVE\/CVE-2022-40200", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40200", - "description": "Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:33Z", - "updated_at": "2022-12-28T05:23:33Z", - "pushed_at": "2022-12-28T05:23:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40205.json b/2022/CVE-2022-40205.json new file mode 100644 index 0000000000..54f588119f --- /dev/null +++ b/2022/CVE-2022-40205.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970768, + "name": "CVE-2022-40205", + "full_name": "Live-Hack-CVE\/CVE-2022-40205", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40205", + "description": "Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved\/unsolved. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:30Z", + "updated_at": "2022-12-28T11:36:30Z", + "pushed_at": "2022-12-28T11:36:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40206.json b/2022/CVE-2022-40206.json new file mode 100644 index 0000000000..a54eed36ce --- /dev/null +++ b/2022/CVE-2022-40206.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970786, + "name": "CVE-2022-40206", + "full_name": "Live-Hack-CVE\/CVE-2022-40206", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40206", + "description": "Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private\/public. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:33Z", + "updated_at": "2022-12-28T11:36:33Z", + "pushed_at": "2022-12-28T11:36:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4021.json b/2022/CVE-2022-4021.json new file mode 100644 index 0000000000..0118b767be --- /dev/null +++ b/2022/CVE-2022-4021.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901833, + "name": "CVE-2022-4021", + "full_name": "Live-Hack-CVE\/CVE-2022-4021", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4021", + "description": "The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:28Z", + "updated_at": "2022-12-28T07:21:28Z", + "pushed_at": "2022-12-28T07:21:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40216.json b/2022/CVE-2022-40216.json deleted file mode 100644 index fe40d2b622..0000000000 --- a/2022/CVE-2022-40216.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864719, - "name": "CVE-2022-40216", - "full_name": "Live-Hack-CVE\/CVE-2022-40216", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40216", - "description": "Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:23Z", - "updated_at": "2022-12-28T04:38:23Z", - "pushed_at": "2022-12-28T04:38:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4022.json b/2022/CVE-2022-4022.json new file mode 100644 index 0000000000..79250aabc2 --- /dev/null +++ b/2022/CVE-2022-4022.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901865, + "name": "CVE-2022-4022", + "full_name": "Live-Hack-CVE\/CVE-2022-4022", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4022", + "description": "The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only admini CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:35Z", + "updated_at": "2022-12-28T07:21:35Z", + "pushed_at": "2022-12-28T07:21:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40223.json b/2022/CVE-2022-40223.json new file mode 100644 index 0000000000..56c168d829 --- /dev/null +++ b/2022/CVE-2022-40223.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970874, + "name": "CVE-2022-40223", + "full_name": "Live-Hack-CVE\/CVE-2022-40223", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40223", + "description": "Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:53Z", + "updated_at": "2022-12-28T11:36:53Z", + "pushed_at": "2022-12-28T11:36:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40228.json b/2022/CVE-2022-40228.json deleted file mode 100644 index 03b2e987aa..0000000000 --- a/2022/CVE-2022-40228.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863843, - "name": "CVE-2022-40228", - "full_name": "Live-Hack-CVE\/CVE-2022-40228", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40228", - "description": "IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:55Z", - "updated_at": "2022-12-28T04:33:55Z", - "pushed_at": "2022-12-28T04:33:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40266.json b/2022/CVE-2022-40266.json deleted file mode 100644 index 63a84bdcc1..0000000000 --- a/2022/CVE-2022-40266.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841413, - "name": "CVE-2022-40266", - "full_name": "Live-Hack-CVE\/CVE-2022-40266", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40266", - "description": "Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remot CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:23Z", - "updated_at": "2022-12-28T02:36:23Z", - "pushed_at": "2022-12-28T02:36:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4027.json b/2022/CVE-2022-4027.json deleted file mode 100644 index a95dfaafab..0000000000 --- a/2022/CVE-2022-4027.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833938, - "name": "CVE-2022-4027", - "full_name": "Live-Hack-CVE\/CVE-2022-4027", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4027", - "description": "The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:07Z", - "updated_at": "2022-12-28T01:58:07Z", - "pushed_at": "2022-12-28T01:58:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4028.json b/2022/CVE-2022-4028.json deleted file mode 100644 index 4c7f46d642..0000000000 --- a/2022/CVE-2022-4028.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839957, - "name": "CVE-2022-4028", - "full_name": "Live-Hack-CVE\/CVE-2022-4028", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4028", - "description": "The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and e CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:20Z", - "updated_at": "2022-12-28T02:29:20Z", - "pushed_at": "2022-12-28T02:29:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40282.json b/2022/CVE-2022-40282.json deleted file mode 100644 index 526b604961..0000000000 --- a/2022/CVE-2022-40282.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840512, - "name": "CVE-2022-40282", - "full_name": "Live-Hack-CVE\/CVE-2022-40282", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40282", - "description": "The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:00Z", - "updated_at": "2022-12-28T02:32:00Z", - "pushed_at": "2022-12-28T02:32:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4029.json b/2022/CVE-2022-4029.json deleted file mode 100644 index 6f423d0dd4..0000000000 --- a/2022/CVE-2022-4029.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839926, - "name": "CVE-2022-4029", - "full_name": "Live-Hack-CVE\/CVE-2022-4029", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4029", - "description": "The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:11Z", - "updated_at": "2022-12-28T02:29:11Z", - "pushed_at": "2022-12-28T02:29:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4030.json b/2022/CVE-2022-4030.json deleted file mode 100644 index be89afdd00..0000000000 --- a/2022/CVE-2022-4030.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839860, - "name": "CVE-2022-4030", - "full_name": "Live-Hack-CVE\/CVE-2022-4030", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4030", - "description": "The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the serve CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:43Z", - "updated_at": "2022-12-28T02:28:43Z", - "pushed_at": "2022-12-28T02:28:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40308.json b/2022/CVE-2022-40308.json new file mode 100644 index 0000000000..d6682b741c --- /dev/null +++ b/2022/CVE-2022-40308.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913478, + "name": "CVE-2022-40308", + "full_name": "Live-Hack-CVE\/CVE-2022-40308", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40308", + "description": "If anonymous read enabled, it's possible to read the database file directly without logging in. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:20Z", + "updated_at": "2022-12-28T08:07:20Z", + "pushed_at": "2022-12-28T08:07:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40309.json b/2022/CVE-2022-40309.json new file mode 100644 index 0000000000..423a77657b --- /dev/null +++ b/2022/CVE-2022-40309.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913498, + "name": "CVE-2022-40309", + "full_name": "Live-Hack-CVE\/CVE-2022-40309", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40309", + "description": "Users with write permissions to a repository can delete arbitrary directories. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:23Z", + "updated_at": "2022-12-28T08:07:23Z", + "pushed_at": "2022-12-28T08:07:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4031.json b/2022/CVE-2022-4031.json deleted file mode 100644 index 65cdca1b7f..0000000000 --- a/2022/CVE-2022-4031.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839940, - "name": "CVE-2022-4031", - "full_name": "Live-Hack-CVE\/CVE-2022-4031", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4031", - "description": "The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:14Z", - "updated_at": "2022-12-28T02:29:14Z", - "pushed_at": "2022-12-28T02:29:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4032.json b/2022/CVE-2022-4032.json deleted file mode 100644 index 2431fb1f75..0000000000 --- a/2022/CVE-2022-4032.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833332, - "name": "CVE-2022-4032", - "full_name": "Live-Hack-CVE\/CVE-2022-4032", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4032", - "description": "The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iF CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:07Z", - "updated_at": "2022-12-28T01:55:07Z", - "pushed_at": "2022-12-28T01:55:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4033.json b/2022/CVE-2022-4033.json deleted file mode 100644 index c8c7df91f9..0000000000 --- a/2022/CVE-2022-4033.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833347, - "name": "CVE-2022-4033", - "full_name": "Live-Hack-CVE\/CVE-2022-4033", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4033", - "description": "The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it p CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:11Z", - "updated_at": "2022-12-28T01:55:11Z", - "pushed_at": "2022-12-28T01:55:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4034.json b/2022/CVE-2022-4034.json deleted file mode 100644 index 4457385c45..0000000000 --- a/2022/CVE-2022-4034.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833369, - "name": "CVE-2022-4034", - "full_name": "Live-Hack-CVE\/CVE-2022-4034", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4034", - "description": "The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking det CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:18Z", - "updated_at": "2022-12-28T01:55:18Z", - "pushed_at": "2022-12-28T01:55:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4035.json b/2022/CVE-2022-4035.json deleted file mode 100644 index b382fd9a1c..0000000000 --- a/2022/CVE-2022-4035.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833357, - "name": "CVE-2022-4035", - "full_name": "Live-Hack-CVE\/CVE-2022-4035", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4035", - "description": "The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attack CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:14Z", - "updated_at": "2022-12-28T01:55:14Z", - "pushed_at": "2022-12-28T01:55:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4036.json b/2022/CVE-2022-4036.json deleted file mode 100644 index c7155880c2..0000000000 --- a/2022/CVE-2022-4036.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833411, - "name": "CVE-2022-4036", - "full_name": "Live-Hack-CVE\/CVE-2022-4036", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4036", - "description": "The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:28Z", - "updated_at": "2022-12-28T01:55:28Z", - "pushed_at": "2022-12-28T01:55:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40405.json b/2022/CVE-2022-40405.json new file mode 100644 index 0000000000..f4b4a330d4 --- /dev/null +++ b/2022/CVE-2022-40405.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913507, + "name": "CVE-2022-40405", + "full_name": "Live-Hack-CVE\/CVE-2022-40405", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40405", + "description": "WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:27Z", + "updated_at": "2022-12-28T08:07:27Z", + "pushed_at": "2022-12-28T08:07:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4044.json b/2022/CVE-2022-4044.json deleted file mode 100644 index 162585fc60..0000000000 --- a/2022/CVE-2022-4044.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863729, - "name": "CVE-2022-4044", - "full_name": "Live-Hack-CVE\/CVE-2022-4044", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4044", - "description": "A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:27Z", - "updated_at": "2022-12-28T04:33:27Z", - "pushed_at": "2022-12-28T04:33:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4045.json b/2022/CVE-2022-4045.json deleted file mode 100644 index ebb1144982..0000000000 --- a/2022/CVE-2022-4045.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863682, - "name": "CVE-2022-4045", - "full_name": "Live-Hack-CVE\/CVE-2022-4045", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4045", - "description": "A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:14Z", - "updated_at": "2022-12-28T04:33:14Z", - "pushed_at": "2022-12-28T04:33:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40470.json b/2022/CVE-2022-40470.json deleted file mode 100644 index 998a6fbdd8..0000000000 --- a/2022/CVE-2022-40470.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873609, - "name": "CVE-2022-40470", - "full_name": "Live-Hack-CVE\/CVE-2022-40470", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40470", - "description": "Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:25Z", - "updated_at": "2022-12-28T05:22:25Z", - "pushed_at": "2022-12-28T05:22:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40489.json b/2022/CVE-2022-40489.json deleted file mode 100644 index a97c6ed20c..0000000000 --- a/2022/CVE-2022-40489.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832315, - "name": "CVE-2022-40489", - "full_name": "Live-Hack-CVE\/CVE-2022-40489", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40489", - "description": "ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:40Z", - "updated_at": "2022-12-28T01:49:40Z", - "pushed_at": "2022-12-28T01:49:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4052.json b/2022/CVE-2022-4052.json new file mode 100644 index 0000000000..f067b514fe --- /dev/null +++ b/2022/CVE-2022-4052.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892189, + "name": "CVE-2022-4052", + "full_name": "Live-Hack-CVE\/CVE-2022-4052", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4052", + "description": "A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file \/Admin\/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:21Z", + "updated_at": "2022-12-28T06:42:21Z", + "pushed_at": "2022-12-28T06:42:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4053.json b/2022/CVE-2022-4053.json new file mode 100644 index 0000000000..18583ca7b4 --- /dev/null +++ b/2022/CVE-2022-4053.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892182, + "name": "CVE-2022-4053", + "full_name": "Live-Hack-CVE\/CVE-2022-4053", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4053", + "description": "A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:18Z", + "updated_at": "2022-12-28T06:42:18Z", + "pushed_at": "2022-12-28T06:42:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4055.json b/2022/CVE-2022-4055.json deleted file mode 100644 index 29bf255484..0000000000 --- a/2022/CVE-2022-4055.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864099, - "name": "CVE-2022-4055", - "full_name": "Live-Hack-CVE\/CVE-2022-4055", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4055", - "description": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:35:11Z", - "updated_at": "2022-12-28T04:35:11Z", - "pushed_at": "2022-12-28T04:35:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40602.json b/2022/CVE-2022-40602.json deleted file mode 100644 index 16701e8564..0000000000 --- a/2022/CVE-2022-40602.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863905, - "name": "CVE-2022-40602", - "full_name": "Live-Hack-CVE\/CVE-2022-40602", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40602", - "description": "A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:13Z", - "updated_at": "2022-12-28T04:34:13Z", - "pushed_at": "2022-12-28T04:34:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40617.json b/2022/CVE-2022-40617.json new file mode 100644 index 0000000000..33f4a6e2a3 --- /dev/null +++ b/2022/CVE-2022-40617.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947008, + "name": "CVE-2022-40617", + "full_name": "Live-Hack-CVE\/CVE-2022-40617", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40617", + "description": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL\/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing af CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:50Z", + "updated_at": "2022-12-28T10:09:50Z", + "pushed_at": "2022-12-28T10:09:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40632.json b/2022/CVE-2022-40632.json new file mode 100644 index 0000000000..437963177f --- /dev/null +++ b/2022/CVE-2022-40632.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970896, + "name": "CVE-2022-40632", + "full_name": "Live-Hack-CVE\/CVE-2022-40632", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40632", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:36:56Z", + "updated_at": "2022-12-28T11:36:56Z", + "pushed_at": "2022-12-28T11:36:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4064.json b/2022/CVE-2022-4064.json deleted file mode 100644 index ea19182e68..0000000000 --- a/2022/CVE-2022-4064.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863980, - "name": "CVE-2022-4064", - "full_name": "Live-Hack-CVE\/CVE-2022-4064", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4064", - "description": "A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib\/dalli\/protocol\/meta\/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name o CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:33Z", - "updated_at": "2022-12-28T04:34:33Z", - "pushed_at": "2022-12-28T04:34:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4065.json b/2022/CVE-2022-4065.json deleted file mode 100644 index 8b8019a112..0000000000 --- a/2022/CVE-2022-4065.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863965, - "name": "CVE-2022-4065", - "full_name": "Live-Hack-CVE\/CVE-2022-4065", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4065", - "description": "A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core\/src\/main\/java\/org\/testng\/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remo CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:29Z", - "updated_at": "2022-12-28T04:34:29Z", - "pushed_at": "2022-12-28T04:34:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4066.json b/2022/CVE-2022-4066.json deleted file mode 100644 index 4bbd37be01..0000000000 --- a/2022/CVE-2022-4066.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857695, - "name": "CVE-2022-4066", - "full_name": "Live-Hack-CVE\/CVE-2022-4066", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4066", - "description": "A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src\/onion\/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a16 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:26Z", - "updated_at": "2022-12-28T04:01:26Z", - "pushed_at": "2022-12-28T04:01:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40664.json b/2022/CVE-2022-40664.json new file mode 100644 index 0000000000..f780931987 --- /dev/null +++ b/2022/CVE-2022-40664.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891611, + "name": "CVE-2022-40664", + "full_name": "Live-Hack-CVE\/CVE-2022-40664", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40664", + "description": "Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:08Z", + "updated_at": "2022-12-28T06:40:08Z", + "pushed_at": "2022-12-28T06:40:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40674.json b/2022/CVE-2022-40674.json deleted file mode 100644 index 63797fd313..0000000000 --- a/2022/CVE-2022-40674.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873240, - "name": "CVE-2022-40674", - "full_name": "Live-Hack-CVE\/CVE-2022-40674", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40674", - "description": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:53Z", - "updated_at": "2022-12-28T05:20:53Z", - "pushed_at": "2022-12-28T05:20:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4068.json b/2022/CVE-2022-4068.json deleted file mode 100644 index c064642b6a..0000000000 --- a/2022/CVE-2022-4068.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849708, - "name": "CVE-2022-4068", - "full_name": "Live-Hack-CVE\/CVE-2022-4068", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4068", - "description": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:04Z", - "updated_at": "2022-12-28T03:19:04Z", - "pushed_at": "2022-12-28T03:19:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40694.json b/2022/CVE-2022-40694.json deleted file mode 100644 index f5f6feaa68..0000000000 --- a/2022/CVE-2022-40694.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873840, - "name": "CVE-2022-40694", - "full_name": "Live-Hack-CVE\/CVE-2022-40694", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40694", - "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:36Z", - "updated_at": "2022-12-28T05:23:36Z", - "pushed_at": "2022-12-28T05:23:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40735.json b/2022/CVE-2022-40735.json deleted file mode 100644 index 97f3131033..0000000000 --- a/2022/CVE-2022-40735.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873948, - "name": "CVE-2022-40735", - "full_name": "Live-Hack-CVE\/CVE-2022-40735", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40735", - "description": "The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that \"(appropriately) short exponents\" can be used when there are adequate subgroup constraints, and these short exponents can lead CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:06Z", - "updated_at": "2022-12-28T05:24:06Z", - "pushed_at": "2022-12-28T05:24:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40746.json b/2022/CVE-2022-40746.json deleted file mode 100644 index 0f762bdec0..0000000000 --- a/2022/CVE-2022-40746.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865193, - "name": "CVE-2022-40746", - "full_name": "Live-Hack-CVE\/CVE-2022-40746", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40746", - "description": "IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:49Z", - "updated_at": "2022-12-28T04:40:49Z", - "pushed_at": "2022-12-28T04:40:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40750.json b/2022/CVE-2022-40750.json new file mode 100644 index 0000000000..f05cd324c0 --- /dev/null +++ b/2022/CVE-2022-40750.json @@ -0,0 +1,31 @@ +[ + { + "id": 582925132, + "name": "CVE-2022-40750", + "full_name": "Live-Hack-CVE\/CVE-2022-40750", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40750", + "description": "IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:51:51Z", + "updated_at": "2022-12-28T08:51:51Z", + "pushed_at": "2022-12-28T08:51:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40751.json b/2022/CVE-2022-40751.json new file mode 100644 index 0000000000..414f5ec294 --- /dev/null +++ b/2022/CVE-2022-40751.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891576, + "name": "CVE-2022-40751", + "full_name": "Live-Hack-CVE\/CVE-2022-40751", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40751", + "description": "IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including \"Manage Security\" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. I CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:01Z", + "updated_at": "2022-12-28T06:40:01Z", + "pushed_at": "2022-12-28T06:40:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40753.json b/2022/CVE-2022-40753.json new file mode 100644 index 0000000000..31544bb9c7 --- /dev/null +++ b/2022/CVE-2022-40753.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892523, + "name": "CVE-2022-40753", + "full_name": "Live-Hack-CVE\/CVE-2022-40753", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40753", + "description": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:39Z", + "updated_at": "2022-12-28T06:43:39Z", + "pushed_at": "2022-12-28T06:43:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40765.json b/2022/CVE-2022-40765.json deleted file mode 100644 index 1c71bea8a5..0000000000 --- a/2022/CVE-2022-40765.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863941, - "name": "CVE-2022-40765", - "full_name": "Live-Hack-CVE\/CVE-2022-40765", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40765", - "description": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:23Z", - "updated_at": "2022-12-28T04:34:23Z", - "pushed_at": "2022-12-28T04:34:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40770.json b/2022/CVE-2022-40770.json deleted file mode 100644 index f8db446439..0000000000 --- a/2022/CVE-2022-40770.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856636, - "name": "CVE-2022-40770", - "full_name": "Live-Hack-CVE\/CVE-2022-40770", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40770", - "description": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:52Z", - "updated_at": "2022-12-28T03:55:53Z", - "pushed_at": "2022-12-28T03:55:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40771.json b/2022/CVE-2022-40771.json deleted file mode 100644 index 221a6e0eea..0000000000 --- a/2022/CVE-2022-40771.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848602, - "name": "CVE-2022-40771", - "full_name": "Live-Hack-CVE\/CVE-2022-40771", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40771", - "description": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:23Z", - "updated_at": "2022-12-28T03:13:23Z", - "pushed_at": "2022-12-28T03:13:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40772.json b/2022/CVE-2022-40772.json deleted file mode 100644 index d621d304d9..0000000000 --- a/2022/CVE-2022-40772.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848680, - "name": "CVE-2022-40772", - "full_name": "Live-Hack-CVE\/CVE-2022-40772", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40772", - "description": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:46Z", - "updated_at": "2022-12-28T03:13:46Z", - "pushed_at": "2022-12-28T03:13:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40773.json b/2022/CVE-2022-40773.json new file mode 100644 index 0000000000..ff3d0b1e9d --- /dev/null +++ b/2022/CVE-2022-40773.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924188, + "name": "CVE-2022-40773", + "full_name": "Live-Hack-CVE\/CVE-2022-40773", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40773", + "description": "Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:15Z", + "updated_at": "2022-12-28T08:48:15Z", + "pushed_at": "2022-12-28T08:48:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40799.json b/2022/CVE-2022-40799.json deleted file mode 100644 index f79499f57b..0000000000 --- a/2022/CVE-2022-40799.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833545, - "name": "CVE-2022-40799", - "full_name": "Live-Hack-CVE\/CVE-2022-40799", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40799", - "description": "Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:12Z", - "updated_at": "2022-12-28T01:56:12Z", - "pushed_at": "2022-12-28T01:56:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40842.json b/2022/CVE-2022-40842.json deleted file mode 100644 index 0eb7cab8fe..0000000000 --- a/2022/CVE-2022-40842.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865438, - "name": "CVE-2022-40842", - "full_name": "Live-Hack-CVE\/CVE-2022-40842", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40842", - "description": "ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:09Z", - "updated_at": "2022-12-28T04:42:09Z", - "pushed_at": "2022-12-28T04:42:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40843.json b/2022/CVE-2022-40843.json new file mode 100644 index 0000000000..fff9df09b6 --- /dev/null +++ b/2022/CVE-2022-40843.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892858, + "name": "CVE-2022-40843", + "full_name": "Live-Hack-CVE\/CVE-2022-40843", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40843", + "description": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization \/ improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's u CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:44:57Z", + "updated_at": "2022-12-28T06:44:57Z", + "pushed_at": "2022-12-28T06:45:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-40849.json b/2022/CVE-2022-40849.json deleted file mode 100644 index fb96bd22b5..0000000000 --- a/2022/CVE-2022-40849.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832286, - "name": "CVE-2022-40849", - "full_name": "Live-Hack-CVE\/CVE-2022-40849", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40849", - "description": "ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PH CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:30Z", - "updated_at": "2022-12-28T01:49:30Z", - "pushed_at": "2022-12-28T01:49:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4087.json b/2022/CVE-2022-4087.json deleted file mode 100644 index a6d6dfabb9..0000000000 --- a/2022/CVE-2022-4087.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841786, - "name": "CVE-2022-4087", - "full_name": "Live-Hack-CVE\/CVE-2022-4087", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4087", - "description": "A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src\/net\/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b457 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:21Z", - "updated_at": "2022-12-28T02:38:21Z", - "pushed_at": "2022-12-28T02:38:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40870.json b/2022/CVE-2022-40870.json deleted file mode 100644 index fadfc1ba51..0000000000 --- a/2022/CVE-2022-40870.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863797, - "name": "CVE-2022-40870", - "full_name": "Live-Hack-CVE\/CVE-2022-40870", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40870", - "description": "The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:41Z", - "updated_at": "2022-12-28T04:33:41Z", - "pushed_at": "2022-12-28T04:33:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4088.json b/2022/CVE-2022-4088.json deleted file mode 100644 index 359675a1e1..0000000000 --- a/2022/CVE-2022-4088.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856439, - "name": "CVE-2022-4088", - "full_name": "Live-Hack-CVE\/CVE-2022-4088", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4088", - "description": "A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file \/pages\/processlogin.php. The manipulation of the argument user\/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:50Z", - "updated_at": "2022-12-28T03:54:50Z", - "pushed_at": "2022-12-28T03:54:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40881.json b/2022/CVE-2022-40881.json new file mode 100644 index 0000000000..d9ecb6d22b --- /dev/null +++ b/2022/CVE-2022-40881.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891743, + "name": "CVE-2022-40881", + "full_name": "Live-Hack-CVE\/CVE-2022-40881", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40881", + "description": "SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:40Z", + "updated_at": "2022-12-28T06:40:40Z", + "pushed_at": "2022-12-28T06:40:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4089.json b/2022/CVE-2022-4089.json deleted file mode 100644 index 53ea36e01b..0000000000 --- a/2022/CVE-2022-4089.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856451, - "name": "CVE-2022-4089", - "full_name": "Live-Hack-CVE\/CVE-2022-4089", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4089", - "description": "A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file \/pages\/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:53Z", - "updated_at": "2022-12-28T03:54:53Z", - "pushed_at": "2022-12-28T03:54:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4090.json b/2022/CVE-2022-4090.json deleted file mode 100644 index e8f610a7b9..0000000000 --- a/2022/CVE-2022-4090.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856468, - "name": "CVE-2022-4090", - "full_name": "Live-Hack-CVE\/CVE-2022-4090", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4090", - "description": "A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:54:57Z", - "updated_at": "2022-12-28T03:54:57Z", - "pushed_at": "2022-12-28T03:54:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40903.json b/2022/CVE-2022-40903.json deleted file mode 100644 index 5371238d91..0000000000 --- a/2022/CVE-2022-40903.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872674, - "name": "CVE-2022-40903", - "full_name": "Live-Hack-CVE\/CVE-2022-40903", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40903", - "description": "Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:43Z", - "updated_at": "2022-12-28T05:18:43Z", - "pushed_at": "2022-12-28T05:18:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4091.json b/2022/CVE-2022-4091.json deleted file mode 100644 index 4b52ee43d3..0000000000 --- a/2022/CVE-2022-4091.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841141, - "name": "CVE-2022-4091", - "full_name": "Live-Hack-CVE\/CVE-2022-4091", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4091", - "description": "A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:10Z", - "updated_at": "2022-12-28T02:35:10Z", - "pushed_at": "2022-12-28T02:35:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4093.json b/2022/CVE-2022-4093.json deleted file mode 100644 index c6b8faefbd..0000000000 --- a/2022/CVE-2022-4093.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871710, - "name": "CVE-2022-4093", - "full_name": "Live-Hack-CVE\/CVE-2022-4093", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4093", - "description": "SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:14:13Z", - "updated_at": "2022-12-28T05:14:13Z", - "pushed_at": "2022-12-28T05:14:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40954.json b/2022/CVE-2022-40954.json deleted file mode 100644 index f09df3eea2..0000000000 --- a/2022/CVE-2022-40954.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857292, - "name": "CVE-2022-40954", - "full_name": "Live-Hack-CVE\/CVE-2022-40954", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40954", - "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:23Z", - "updated_at": "2022-12-28T03:59:23Z", - "pushed_at": "2022-12-28T03:59:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4096.json b/2022/CVE-2022-4096.json deleted file mode 100644 index 368a125615..0000000000 --- a/2022/CVE-2022-4096.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865537, - "name": "CVE-2022-4096", - "full_name": "Live-Hack-CVE\/CVE-2022-4096", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4096", - "description": "Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg\/appsmith prior to 1.8.2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:41Z", - "updated_at": "2022-12-28T04:42:41Z", - "pushed_at": "2022-12-28T04:42:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40963.json b/2022/CVE-2022-40963.json deleted file mode 100644 index 772f026c44..0000000000 --- a/2022/CVE-2022-40963.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864632, - "name": "CVE-2022-40963", - "full_name": "Live-Hack-CVE\/CVE-2022-40963", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40963", - "description": "Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:52Z", - "updated_at": "2022-12-28T04:37:52Z", - "pushed_at": "2022-12-28T04:37:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40976.json b/2022/CVE-2022-40976.json deleted file mode 100644 index 3d1bf61328..0000000000 --- a/2022/CVE-2022-40976.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840477, - "name": "CVE-2022-40976", - "full_name": "Live-Hack-CVE\/CVE-2022-40976", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40976", - "description": "A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:49Z", - "updated_at": "2022-12-28T02:31:49Z", - "pushed_at": "2022-12-28T02:31:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40977.json b/2022/CVE-2022-40977.json deleted file mode 100644 index a233a30041..0000000000 --- a/2022/CVE-2022-40977.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840487, - "name": "CVE-2022-40977", - "full_name": "Live-Hack-CVE\/CVE-2022-40977", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40977", - "description": "A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:53Z", - "updated_at": "2022-12-28T02:31:53Z", - "pushed_at": "2022-12-28T02:31:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-40981.json b/2022/CVE-2022-40981.json new file mode 100644 index 0000000000..8aecdb1ea2 --- /dev/null +++ b/2022/CVE-2022-40981.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933805, + "name": "CVE-2022-40981", + "full_name": "Live-Hack-CVE\/CVE-2022-40981", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-40981", + "description": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:34Z", + "updated_at": "2022-12-28T09:23:34Z", + "pushed_at": "2022-12-28T09:23:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41032.json b/2022/CVE-2022-41032.json deleted file mode 100644 index a8dacd8d40..0000000000 --- a/2022/CVE-2022-41032.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824556, - "name": "CVE-2022-41032", - "full_name": "Live-Hack-CVE\/CVE-2022-41032", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41032", - "description": "NuGet Client Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:05:21Z", - "updated_at": "2022-12-28T01:05:21Z", - "pushed_at": "2022-12-28T01:05:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41035.json b/2022/CVE-2022-41035.json new file mode 100644 index 0000000000..828c66b917 --- /dev/null +++ b/2022/CVE-2022-41035.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947574, + "name": "CVE-2022-41035", + "full_name": "Live-Hack-CVE\/CVE-2022-41035", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41035", + "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:11:39Z", + "updated_at": "2022-12-28T10:11:39Z", + "pushed_at": "2022-12-28T10:11:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41039.json b/2022/CVE-2022-41039.json new file mode 100644 index 0000000000..8bfae975e2 --- /dev/null +++ b/2022/CVE-2022-41039.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947898, + "name": "CVE-2022-41039", + "full_name": "Live-Hack-CVE\/CVE-2022-41039", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41039", + "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:47Z", + "updated_at": "2022-12-28T10:12:47Z", + "pushed_at": "2022-12-28T10:12:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4104.json b/2022/CVE-2022-4104.json deleted file mode 100644 index bff04e0dd8..0000000000 --- a/2022/CVE-2022-4104.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833235, - "name": "CVE-2022-4104", - "full_name": "Live-Hack-CVE\/CVE-2022-4104", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4104", - "description": "A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:39Z", - "updated_at": "2022-12-28T01:54:39Z", - "pushed_at": "2022-12-28T01:54:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41043.json b/2022/CVE-2022-41043.json deleted file mode 100644 index 61f977f230..0000000000 --- a/2022/CVE-2022-41043.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811861, - "name": "CVE-2022-41043", - "full_name": "Live-Hack-CVE\/CVE-2022-41043", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41043", - "description": "Microsoft Office Information Disclosure Vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:12Z", - "updated_at": "2022-12-27T23:51:12Z", - "pushed_at": "2022-12-27T23:51:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41044.json b/2022/CVE-2022-41044.json new file mode 100644 index 0000000000..64b77dba80 --- /dev/null +++ b/2022/CVE-2022-41044.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947916, + "name": "CVE-2022-41044", + "full_name": "Live-Hack-CVE\/CVE-2022-41044", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41044", + "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:51Z", + "updated_at": "2022-12-28T10:12:51Z", + "pushed_at": "2022-12-28T10:12:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41045.json b/2022/CVE-2022-41045.json new file mode 100644 index 0000000000..6eb9ae2e10 --- /dev/null +++ b/2022/CVE-2022-41045.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947943, + "name": "CVE-2022-41045", + "full_name": "Live-Hack-CVE\/CVE-2022-41045", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41045", + "description": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:54Z", + "updated_at": "2022-12-28T10:12:55Z", + "pushed_at": "2022-12-28T10:12:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41047.json b/2022/CVE-2022-41047.json new file mode 100644 index 0000000000..f5211eb76b --- /dev/null +++ b/2022/CVE-2022-41047.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947964, + "name": "CVE-2022-41047", + "full_name": "Live-Hack-CVE\/CVE-2022-41047", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41047", + "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:58Z", + "updated_at": "2022-12-28T10:12:58Z", + "pushed_at": "2022-12-28T10:13:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41048.json b/2022/CVE-2022-41048.json new file mode 100644 index 0000000000..658e525ebf --- /dev/null +++ b/2022/CVE-2022-41048.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947987, + "name": "CVE-2022-41048", + "full_name": "Live-Hack-CVE\/CVE-2022-41048", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41048", + "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:02Z", + "updated_at": "2022-12-28T10:13:02Z", + "pushed_at": "2022-12-28T10:13:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41049.json b/2022/CVE-2022-41049.json new file mode 100644 index 0000000000..fe83d21d39 --- /dev/null +++ b/2022/CVE-2022-41049.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936841, + "name": "CVE-2022-41049", + "full_name": "Live-Hack-CVE\/CVE-2022-41049", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41049", + "description": "Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:51Z", + "updated_at": "2022-12-28T09:33:51Z", + "pushed_at": "2022-12-28T09:33:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4105.json b/2022/CVE-2022-4105.json deleted file mode 100644 index b957978f75..0000000000 --- a/2022/CVE-2022-4105.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864990, - "name": "CVE-2022-4105", - "full_name": "Live-Hack-CVE\/CVE-2022-4105", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4105", - "description": "A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:51Z", - "updated_at": "2022-12-28T04:39:51Z", - "pushed_at": "2022-12-28T04:39:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41050.json b/2022/CVE-2022-41050.json new file mode 100644 index 0000000000..88dccd632b --- /dev/null +++ b/2022/CVE-2022-41050.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936857, + "name": "CVE-2022-41050", + "full_name": "Live-Hack-CVE\/CVE-2022-41050", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41050", + "description": "Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:55Z", + "updated_at": "2022-12-28T09:33:55Z", + "pushed_at": "2022-12-28T09:33:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41051.json b/2022/CVE-2022-41051.json new file mode 100644 index 0000000000..2c004567da --- /dev/null +++ b/2022/CVE-2022-41051.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937014, + "name": "CVE-2022-41051", + "full_name": "Live-Hack-CVE\/CVE-2022-41051", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41051", + "description": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:28Z", + "updated_at": "2022-12-28T09:34:28Z", + "pushed_at": "2022-12-28T09:34:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41052.json b/2022/CVE-2022-41052.json new file mode 100644 index 0000000000..48b70dc3c0 --- /dev/null +++ b/2022/CVE-2022-41052.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936891, + "name": "CVE-2022-41052", + "full_name": "Live-Hack-CVE\/CVE-2022-41052", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41052", + "description": "Windows Graphics Component Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:03Z", + "updated_at": "2022-12-28T09:34:03Z", + "pushed_at": "2022-12-28T09:34:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41053.json b/2022/CVE-2022-41053.json new file mode 100644 index 0000000000..b57c662ac5 --- /dev/null +++ b/2022/CVE-2022-41053.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936911, + "name": "CVE-2022-41053", + "full_name": "Live-Hack-CVE\/CVE-2022-41053", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41053", + "description": "Windows Kerberos Denial of Service Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:07Z", + "updated_at": "2022-12-28T09:34:07Z", + "pushed_at": "2022-12-28T09:34:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41054.json b/2022/CVE-2022-41054.json new file mode 100644 index 0000000000..e1df8a5f1a --- /dev/null +++ b/2022/CVE-2022-41054.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937060, + "name": "CVE-2022-41054", + "full_name": "Live-Hack-CVE\/CVE-2022-41054", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41054", + "description": "Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:39Z", + "updated_at": "2022-12-28T09:34:39Z", + "pushed_at": "2022-12-28T09:34:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41055.json b/2022/CVE-2022-41055.json new file mode 100644 index 0000000000..51e6bce363 --- /dev/null +++ b/2022/CVE-2022-41055.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948080, + "name": "CVE-2022-41055", + "full_name": "Live-Hack-CVE\/CVE-2022-41055", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41055", + "description": "Windows Human Interface Device Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:25Z", + "updated_at": "2022-12-28T10:13:26Z", + "pushed_at": "2022-12-28T10:13:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41056.json b/2022/CVE-2022-41056.json new file mode 100644 index 0000000000..effc3b53ef --- /dev/null +++ b/2022/CVE-2022-41056.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948098, + "name": "CVE-2022-41056", + "full_name": "Live-Hack-CVE\/CVE-2022-41056", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41056", + "description": "Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:29Z", + "updated_at": "2022-12-28T10:13:29Z", + "pushed_at": "2022-12-28T10:13:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41058.json b/2022/CVE-2022-41058.json new file mode 100644 index 0000000000..e09e4f2acd --- /dev/null +++ b/2022/CVE-2022-41058.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948134, + "name": "CVE-2022-41058", + "full_name": "Live-Hack-CVE\/CVE-2022-41058", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41058", + "description": "Windows Network Address Translation (NAT) Denial of Service Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:36Z", + "updated_at": "2022-12-28T10:13:36Z", + "pushed_at": "2022-12-28T10:13:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41060.json b/2022/CVE-2022-41060.json new file mode 100644 index 0000000000..dd6bd1cc82 --- /dev/null +++ b/2022/CVE-2022-41060.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937033, + "name": "CVE-2022-41060", + "full_name": "Live-Hack-CVE\/CVE-2022-41060", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41060", + "description": "Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:32Z", + "updated_at": "2022-12-28T09:34:32Z", + "pushed_at": "2022-12-28T09:34:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41061.json b/2022/CVE-2022-41061.json new file mode 100644 index 0000000000..ad1906e2f0 --- /dev/null +++ b/2022/CVE-2022-41061.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937198, + "name": "CVE-2022-41061", + "full_name": "Live-Hack-CVE\/CVE-2022-41061", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41061", + "description": "Microsoft Word Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:35:09Z", + "updated_at": "2022-12-28T09:35:09Z", + "pushed_at": "2022-12-28T09:35:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41062.json b/2022/CVE-2022-41062.json new file mode 100644 index 0000000000..31fef1972e --- /dev/null +++ b/2022/CVE-2022-41062.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946477, + "name": "CVE-2022-41062", + "full_name": "Live-Hack-CVE\/CVE-2022-41062", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41062", + "description": "Microsoft SharePoint Server Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:03Z", + "updated_at": "2022-12-28T10:08:03Z", + "pushed_at": "2022-12-28T10:08:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41063.json b/2022/CVE-2022-41063.json new file mode 100644 index 0000000000..3feaf46d71 --- /dev/null +++ b/2022/CVE-2022-41063.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946496, + "name": "CVE-2022-41063", + "full_name": "Live-Hack-CVE\/CVE-2022-41063", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41063", + "description": "Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:07Z", + "updated_at": "2022-12-28T10:08:07Z", + "pushed_at": "2022-12-28T10:08:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41064.json b/2022/CVE-2022-41064.json deleted file mode 100644 index f68ba0af03..0000000000 --- a/2022/CVE-2022-41064.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849565, - "name": "CVE-2022-41064", - "full_name": "Live-Hack-CVE\/CVE-2022-41064", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41064", - "description": ".NET Framework Information Disclosure Vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:27Z", - "updated_at": "2022-12-28T03:18:27Z", - "pushed_at": "2022-12-28T03:18:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41066.json b/2022/CVE-2022-41066.json new file mode 100644 index 0000000000..4582f3e515 --- /dev/null +++ b/2022/CVE-2022-41066.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947829, + "name": "CVE-2022-41066", + "full_name": "Live-Hack-CVE\/CVE-2022-41066", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41066", + "description": "Microsoft Business Central Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:33Z", + "updated_at": "2022-12-28T10:12:33Z", + "pushed_at": "2022-12-28T10:12:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41073.json b/2022/CVE-2022-41073.json new file mode 100644 index 0000000000..d417cb7b99 --- /dev/null +++ b/2022/CVE-2022-41073.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946509, + "name": "CVE-2022-41073", + "full_name": "Live-Hack-CVE\/CVE-2022-41073", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41073", + "description": "Windows Print Spooler Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:10Z", + "updated_at": "2022-12-28T10:08:10Z", + "pushed_at": "2022-12-28T10:08:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41080.json b/2022/CVE-2022-41080.json new file mode 100644 index 0000000000..ce3b7031f3 --- /dev/null +++ b/2022/CVE-2022-41080.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959076, + "name": "CVE-2022-41080", + "full_name": "Live-Hack-CVE\/CVE-2022-41080", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41080", + "description": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:33Z", + "updated_at": "2022-12-28T10:53:33Z", + "pushed_at": "2022-12-28T10:53:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41082.json b/2022/CVE-2022-41082.json new file mode 100644 index 0000000000..90c21258c3 --- /dev/null +++ b/2022/CVE-2022-41082.json @@ -0,0 +1,31 @@ +[ + { + "id": 581104837, + "name": "OWASSRF-CVE-2022-41082-POC", + "full_name": "balki97\/OWASSRF-CVE-2022-41082-POC", + "owner": { + "login": "balki97", + "id": 37090035, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37090035?v=4", + "html_url": "https:\/\/github.com\/balki97" + }, + "html_url": "https:\/\/github.com\/balki97\/OWASSRF-CVE-2022-41082-POC", + "description": "PoC for the CVE-2022-41082 Vulnerability Effecting Microsoft Exchange Servers", + "fork": false, + "created_at": "2022-12-22T09:35:26Z", + "updated_at": "2022-12-28T05:57:14Z", + "pushed_at": "2022-12-28T10:14:30Z", + "stargazers_count": 9, + "watchers_count": 9, + "has_discussions": false, + "forks_count": 5, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "watchers": 9, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41085.json b/2022/CVE-2022-41085.json new file mode 100644 index 0000000000..e1c9c0d89c --- /dev/null +++ b/2022/CVE-2022-41085.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946532, + "name": "CVE-2022-41085", + "full_name": "Live-Hack-CVE\/CVE-2022-41085", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41085", + "description": "Azure CycleCloud Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:14Z", + "updated_at": "2022-12-28T10:08:14Z", + "pushed_at": "2022-12-28T10:08:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41086.json b/2022/CVE-2022-41086.json new file mode 100644 index 0000000000..34dbf17031 --- /dev/null +++ b/2022/CVE-2022-41086.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958612, + "name": "CVE-2022-41086", + "full_name": "Live-Hack-CVE\/CVE-2022-41086", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41086", + "description": "Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:44Z", + "updated_at": "2022-12-28T10:51:44Z", + "pushed_at": "2022-12-28T10:51:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41088.json b/2022/CVE-2022-41088.json new file mode 100644 index 0000000000..98a56fd72c --- /dev/null +++ b/2022/CVE-2022-41088.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946697, + "name": "CVE-2022-41088", + "full_name": "Live-Hack-CVE\/CVE-2022-41088", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41088", + "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:48Z", + "updated_at": "2022-12-28T10:08:48Z", + "pushed_at": "2022-12-28T10:08:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41090.json b/2022/CVE-2022-41090.json new file mode 100644 index 0000000000..6e932b9c13 --- /dev/null +++ b/2022/CVE-2022-41090.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946722, + "name": "CVE-2022-41090", + "full_name": "Live-Hack-CVE\/CVE-2022-41090", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41090", + "description": "Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:52Z", + "updated_at": "2022-12-28T10:08:52Z", + "pushed_at": "2022-12-28T10:08:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41091.json b/2022/CVE-2022-41091.json new file mode 100644 index 0000000000..c13f606ded --- /dev/null +++ b/2022/CVE-2022-41091.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946735, + "name": "CVE-2022-41091", + "full_name": "Live-Hack-CVE\/CVE-2022-41091", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41091", + "description": "Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:56Z", + "updated_at": "2022-12-28T10:08:56Z", + "pushed_at": "2022-12-28T10:08:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41092.json b/2022/CVE-2022-41092.json new file mode 100644 index 0000000000..8a023a1f38 --- /dev/null +++ b/2022/CVE-2022-41092.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946751, + "name": "CVE-2022-41092", + "full_name": "Live-Hack-CVE\/CVE-2022-41092", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41092", + "description": "Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:08:59Z", + "updated_at": "2022-12-28T10:08:59Z", + "pushed_at": "2022-12-28T10:09:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41093.json b/2022/CVE-2022-41093.json new file mode 100644 index 0000000000..499cdc02f6 --- /dev/null +++ b/2022/CVE-2022-41093.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946770, + "name": "CVE-2022-41093", + "full_name": "Live-Hack-CVE\/CVE-2022-41093", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41093", + "description": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:03Z", + "updated_at": "2022-12-28T10:09:03Z", + "pushed_at": "2022-12-28T10:09:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41095.json b/2022/CVE-2022-41095.json new file mode 100644 index 0000000000..8de6d6fe9d --- /dev/null +++ b/2022/CVE-2022-41095.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946794, + "name": "CVE-2022-41095", + "full_name": "Live-Hack-CVE\/CVE-2022-41095", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41095", + "description": "Windows Digital Media Receiver Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:06Z", + "updated_at": "2022-12-28T10:09:06Z", + "pushed_at": "2022-12-28T10:09:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41096.json b/2022/CVE-2022-41096.json new file mode 100644 index 0000000000..069842ad0a --- /dev/null +++ b/2022/CVE-2022-41096.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946811, + "name": "CVE-2022-41096", + "full_name": "Live-Hack-CVE\/CVE-2022-41096", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41096", + "description": "Microsoft DWM Core Library Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:10Z", + "updated_at": "2022-12-28T10:09:10Z", + "pushed_at": "2022-12-28T10:09:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41097.json b/2022/CVE-2022-41097.json new file mode 100644 index 0000000000..c3a4cc8de4 --- /dev/null +++ b/2022/CVE-2022-41097.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945785, + "name": "CVE-2022-41097", + "full_name": "Live-Hack-CVE\/CVE-2022-41097", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41097", + "description": "Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:45Z", + "updated_at": "2022-12-28T10:05:46Z", + "pushed_at": "2022-12-28T10:05:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41098.json b/2022/CVE-2022-41098.json new file mode 100644 index 0000000000..919b099187 --- /dev/null +++ b/2022/CVE-2022-41098.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946824, + "name": "CVE-2022-41098", + "full_name": "Live-Hack-CVE\/CVE-2022-41098", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41098", + "description": "Windows GDI+ Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:13Z", + "updated_at": "2022-12-28T10:09:13Z", + "pushed_at": "2022-12-28T10:09:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41099.json b/2022/CVE-2022-41099.json new file mode 100644 index 0000000000..d90fe07a3c --- /dev/null +++ b/2022/CVE-2022-41099.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946847, + "name": "CVE-2022-41099", + "full_name": "Live-Hack-CVE\/CVE-2022-41099", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41099", + "description": "BitLocker Security Feature Bypass Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:09:17Z", + "updated_at": "2022-12-28T10:09:17Z", + "pushed_at": "2022-12-28T10:09:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41100.json b/2022/CVE-2022-41100.json new file mode 100644 index 0000000000..db9207d697 --- /dev/null +++ b/2022/CVE-2022-41100.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937180, + "name": "CVE-2022-41100", + "full_name": "Live-Hack-CVE\/CVE-2022-41100", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41100", + "description": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:35:04Z", + "updated_at": "2022-12-28T09:35:04Z", + "pushed_at": "2022-12-28T09:35:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41101.json b/2022/CVE-2022-41101.json new file mode 100644 index 0000000000..e3e5c50002 --- /dev/null +++ b/2022/CVE-2022-41101.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937147, + "name": "CVE-2022-41101", + "full_name": "Live-Hack-CVE\/CVE-2022-41101", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41101", + "description": "Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:56Z", + "updated_at": "2022-12-28T09:34:56Z", + "pushed_at": "2022-12-28T09:34:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41102.json b/2022/CVE-2022-41102.json new file mode 100644 index 0000000000..6ab1787709 --- /dev/null +++ b/2022/CVE-2022-41102.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945917, + "name": "CVE-2022-41102", + "full_name": "Live-Hack-CVE\/CVE-2022-41102", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41102", + "description": "Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:11Z", + "updated_at": "2022-12-28T10:06:11Z", + "pushed_at": "2022-12-28T10:06:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41103.json b/2022/CVE-2022-41103.json new file mode 100644 index 0000000000..d215464c47 --- /dev/null +++ b/2022/CVE-2022-41103.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945864, + "name": "CVE-2022-41103", + "full_name": "Live-Hack-CVE\/CVE-2022-41103", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41103", + "description": "Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:06:00Z", + "updated_at": "2022-12-28T10:06:00Z", + "pushed_at": "2022-12-28T10:06:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41104.json b/2022/CVE-2022-41104.json new file mode 100644 index 0000000000..506e18fdf1 --- /dev/null +++ b/2022/CVE-2022-41104.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947839, + "name": "CVE-2022-41104", + "full_name": "Live-Hack-CVE\/CVE-2022-41104", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41104", + "description": "Microsoft Excel Security Feature Bypass Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:37Z", + "updated_at": "2022-12-28T10:12:37Z", + "pushed_at": "2022-12-28T10:12:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41105.json b/2022/CVE-2022-41105.json new file mode 100644 index 0000000000..d0cace7fd8 --- /dev/null +++ b/2022/CVE-2022-41105.json @@ -0,0 +1,31 @@ +[ + { + "id": 582947879, + "name": "CVE-2022-41105", + "full_name": "Live-Hack-CVE\/CVE-2022-41105", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41105", + "description": "Microsoft Excel Information Disclosure Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:12:44Z", + "updated_at": "2022-12-28T10:12:44Z", + "pushed_at": "2022-12-28T10:12:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41106.json b/2022/CVE-2022-41106.json new file mode 100644 index 0000000000..e60de90392 --- /dev/null +++ b/2022/CVE-2022-41106.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935613, + "name": "CVE-2022-41106", + "full_name": "Live-Hack-CVE\/CVE-2022-41106", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41106", + "description": "Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:34Z", + "updated_at": "2022-12-28T09:29:34Z", + "pushed_at": "2022-12-28T09:29:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41107.json b/2022/CVE-2022-41107.json new file mode 100644 index 0000000000..9d86301846 --- /dev/null +++ b/2022/CVE-2022-41107.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948054, + "name": "CVE-2022-41107", + "full_name": "Live-Hack-CVE\/CVE-2022-41107", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41107", + "description": "Microsoft Office Graphics Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:19Z", + "updated_at": "2022-12-28T10:13:19Z", + "pushed_at": "2022-12-28T10:13:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41109.json b/2022/CVE-2022-41109.json new file mode 100644 index 0000000000..8f53904d93 --- /dev/null +++ b/2022/CVE-2022-41109.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937043, + "name": "CVE-2022-41109", + "full_name": "Live-Hack-CVE\/CVE-2022-41109", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41109", + "description": "Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:35Z", + "updated_at": "2022-12-28T09:34:35Z", + "pushed_at": "2022-12-28T09:34:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4111.json b/2022/CVE-2022-4111.json deleted file mode 100644 index 3d28740cd4..0000000000 --- a/2022/CVE-2022-4111.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863897, - "name": "CVE-2022-4111", - "full_name": "Live-Hack-CVE\/CVE-2022-4111", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4111", - "description": "Unrestricted file size limit can lead to DoS in tooljet\/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:09Z", - "updated_at": "2022-12-28T04:34:09Z", - "pushed_at": "2022-12-28T04:34:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41113.json b/2022/CVE-2022-41113.json new file mode 100644 index 0000000000..3f7a470aed --- /dev/null +++ b/2022/CVE-2022-41113.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937127, + "name": "CVE-2022-41113", + "full_name": "Live-Hack-CVE\/CVE-2022-41113", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41113", + "description": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:53Z", + "updated_at": "2022-12-28T09:34:53Z", + "pushed_at": "2022-12-28T09:34:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41114.json b/2022/CVE-2022-41114.json new file mode 100644 index 0000000000..d808b444fa --- /dev/null +++ b/2022/CVE-2022-41114.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937103, + "name": "CVE-2022-41114", + "full_name": "Live-Hack-CVE\/CVE-2022-41114", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41114", + "description": "Windows Bind Filter Driver Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:50Z", + "updated_at": "2022-12-28T09:34:50Z", + "pushed_at": "2022-12-28T09:34:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41116.json b/2022/CVE-2022-41116.json new file mode 100644 index 0000000000..1cfcae672a --- /dev/null +++ b/2022/CVE-2022-41116.json @@ -0,0 +1,31 @@ +[ + { + "id": 582937085, + "name": "CVE-2022-41116", + "full_name": "Live-Hack-CVE\/CVE-2022-41116", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41116", + "description": "Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:34:46Z", + "updated_at": "2022-12-28T09:34:46Z", + "pushed_at": "2022-12-28T09:34:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41118.json b/2022/CVE-2022-41118.json new file mode 100644 index 0000000000..fb66bd051b --- /dev/null +++ b/2022/CVE-2022-41118.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948117, + "name": "CVE-2022-41118", + "full_name": "Live-Hack-CVE\/CVE-2022-41118", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41118", + "description": "Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:32Z", + "updated_at": "2022-12-28T10:13:33Z", + "pushed_at": "2022-12-28T10:13:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41119.json b/2022/CVE-2022-41119.json new file mode 100644 index 0000000000..1f6564f219 --- /dev/null +++ b/2022/CVE-2022-41119.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948067, + "name": "CVE-2022-41119", + "full_name": "Live-Hack-CVE\/CVE-2022-41119", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41119", + "description": "Visual Studio Remote Code Execution Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:22Z", + "updated_at": "2022-12-28T10:13:22Z", + "pushed_at": "2022-12-28T10:13:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41120.json b/2022/CVE-2022-41120.json new file mode 100644 index 0000000000..cd357d8390 --- /dev/null +++ b/2022/CVE-2022-41120.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935496, + "name": "CVE-2022-41120", + "full_name": "Live-Hack-CVE\/CVE-2022-41120", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41120", + "description": "Microsoft Windows Sysmon Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:11Z", + "updated_at": "2022-12-28T09:29:11Z", + "pushed_at": "2022-12-28T09:29:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41122.json b/2022/CVE-2022-41122.json new file mode 100644 index 0000000000..a50de446a2 --- /dev/null +++ b/2022/CVE-2022-41122.json @@ -0,0 +1,31 @@ +[ + { + "id": 582948040, + "name": "CVE-2022-41122", + "full_name": "Live-Hack-CVE\/CVE-2022-41122", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41122", + "description": "Microsoft SharePoint Server Spoofing Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:13:15Z", + "updated_at": "2022-12-28T10:13:15Z", + "pushed_at": "2022-12-28T10:13:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41123.json b/2022/CVE-2022-41123.json new file mode 100644 index 0000000000..48123c8bc7 --- /dev/null +++ b/2022/CVE-2022-41123.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959093, + "name": "CVE-2022-41123", + "full_name": "Live-Hack-CVE\/CVE-2022-41123", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41123", + "description": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:37Z", + "updated_at": "2022-12-28T10:53:37Z", + "pushed_at": "2022-12-28T10:53:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41125.json b/2022/CVE-2022-41125.json new file mode 100644 index 0000000000..ad9a5ddc9e --- /dev/null +++ b/2022/CVE-2022-41125.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959153, + "name": "CVE-2022-41125", + "full_name": "Live-Hack-CVE\/CVE-2022-41125", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41125", + "description": "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:50Z", + "updated_at": "2022-12-28T10:53:50Z", + "pushed_at": "2022-12-28T10:53:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41128.json b/2022/CVE-2022-41128.json new file mode 100644 index 0000000000..559fefb9a8 --- /dev/null +++ b/2022/CVE-2022-41128.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958627, + "name": "CVE-2022-41128", + "full_name": "Live-Hack-CVE\/CVE-2022-41128", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41128", + "description": "Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:48Z", + "updated_at": "2022-12-28T10:51:48Z", + "pushed_at": "2022-12-28T10:51:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41131.json b/2022/CVE-2022-41131.json deleted file mode 100644 index 9f60b6fb2e..0000000000 --- a/2022/CVE-2022-41131.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857310, - "name": "CVE-2022-41131", - "full_name": "Live-Hack-CVE\/CVE-2022-41131", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41131", - "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:30Z", - "updated_at": "2022-12-28T03:59:30Z", - "pushed_at": "2022-12-28T03:59:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41132.json b/2022/CVE-2022-41132.json deleted file mode 100644 index 0bce2712b2..0000000000 --- a/2022/CVE-2022-41132.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873854, - "name": "CVE-2022-41132", - "full_name": "Live-Hack-CVE\/CVE-2022-41132", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41132", - "description": "Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:40Z", - "updated_at": "2022-12-28T05:23:40Z", - "pushed_at": "2022-12-28T05:23:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41135.json b/2022/CVE-2022-41135.json deleted file mode 100644 index ae975656ab..0000000000 --- a/2022/CVE-2022-41135.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864622, - "name": "CVE-2022-41135", - "full_name": "Live-Hack-CVE\/CVE-2022-41135", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41135", - "description": "Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:49Z", - "updated_at": "2022-12-28T04:37:49Z", - "pushed_at": "2022-12-28T04:37:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41136.json b/2022/CVE-2022-41136.json new file mode 100644 index 0000000000..3ef896d09b --- /dev/null +++ b/2022/CVE-2022-41136.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971001, + "name": "CVE-2022-41136", + "full_name": "Live-Hack-CVE\/CVE-2022-41136", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41136", + "description": "Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:17Z", + "updated_at": "2022-12-28T11:37:17Z", + "pushed_at": "2022-12-28T11:37:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41155.json b/2022/CVE-2022-41155.json deleted file mode 100644 index e5c0e6dc49..0000000000 --- a/2022/CVE-2022-41155.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871944, - "name": "CVE-2022-41155", - "full_name": "Live-Hack-CVE\/CVE-2022-41155", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41155", - "description": "Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:20Z", - "updated_at": "2022-12-28T05:15:20Z", - "pushed_at": "2022-12-28T05:15:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41156.json b/2022/CVE-2022-41156.json deleted file mode 100644 index 05062eb5f9..0000000000 --- a/2022/CVE-2022-41156.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833980, - "name": "CVE-2022-41156", - "full_name": "Live-Hack-CVE\/CVE-2022-41156", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41156", - "description": "Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:17Z", - "updated_at": "2022-12-28T01:58:17Z", - "pushed_at": "2022-12-28T01:58:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41158.json b/2022/CVE-2022-41158.json deleted file mode 100644 index 485f821edb..0000000000 --- a/2022/CVE-2022-41158.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840410, - "name": "CVE-2022-41158", - "full_name": "Live-Hack-CVE\/CVE-2022-41158", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41158", - "description": "Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:25Z", - "updated_at": "2022-12-28T02:31:25Z", - "pushed_at": "2022-12-28T02:31:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4116.json b/2022/CVE-2022-4116.json deleted file mode 100644 index d1234e00c8..0000000000 --- a/2022/CVE-2022-4116.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832484, - "name": "CVE-2022-4116", - "full_name": "Live-Hack-CVE\/CVE-2022-4116", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4116", - "description": "A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:32Z", - "updated_at": "2022-12-28T01:50:32Z", - "pushed_at": "2022-12-28T01:50:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41203.json b/2022/CVE-2022-41203.json new file mode 100644 index 0000000000..78d248d1c8 --- /dev/null +++ b/2022/CVE-2022-41203.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970369, + "name": "CVE-2022-41203", + "full_name": "Live-Hack-CVE\/CVE-2022-41203", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41203", + "description": "In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. Th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:02Z", + "updated_at": "2022-12-28T11:35:02Z", + "pushed_at": "2022-12-28T11:35:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41207.json b/2022/CVE-2022-41207.json new file mode 100644 index 0000000000..37fef68b69 --- /dev/null +++ b/2022/CVE-2022-41207.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970410, + "name": "CVE-2022-41207", + "full_name": "Live-Hack-CVE\/CVE-2022-41207", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41207", + "description": "SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:12Z", + "updated_at": "2022-12-28T11:35:12Z", + "pushed_at": "2022-12-28T11:35:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41212.json b/2022/CVE-2022-41212.json new file mode 100644 index 0000000000..47544abf65 --- /dev/null +++ b/2022/CVE-2022-41212.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970444, + "name": "CVE-2022-41212", + "full_name": "Live-Hack-CVE\/CVE-2022-41212", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41212", + "description": "Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the applicati CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:19Z", + "updated_at": "2022-12-28T11:35:19Z", + "pushed_at": "2022-12-28T11:35:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41223.json b/2022/CVE-2022-41223.json deleted file mode 100644 index ccc4019349..0000000000 --- a/2022/CVE-2022-41223.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863955, - "name": "CVE-2022-41223", - "full_name": "Live-Hack-CVE\/CVE-2022-41223", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41223", - "description": "The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:26Z", - "updated_at": "2022-12-28T04:34:26Z", - "pushed_at": "2022-12-28T04:34:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41235.json b/2022/CVE-2022-41235.json deleted file mode 100644 index 3d36717ec0..0000000000 --- a/2022/CVE-2022-41235.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849688, - "name": "CVE-2022-41235", - "full_name": "Live-Hack-CVE\/CVE-2022-41235", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41235", - "description": "Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:00Z", - "updated_at": "2022-12-28T03:19:00Z", - "pushed_at": "2022-12-28T03:19:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41259.json b/2022/CVE-2022-41259.json new file mode 100644 index 0000000000..f8b96cb9a6 --- /dev/null +++ b/2022/CVE-2022-41259.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970466, + "name": "CVE-2022-41259", + "full_name": "Live-Hack-CVE\/CVE-2022-41259", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41259", + "description": "SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:35:23Z", + "updated_at": "2022-12-28T11:35:23Z", + "pushed_at": "2022-12-28T11:35:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4127.json b/2022/CVE-2022-4127.json deleted file mode 100644 index 26e2b679d4..0000000000 --- a/2022/CVE-2022-4127.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839832, - "name": "CVE-2022-4127", - "full_name": "Live-Hack-CVE\/CVE-2022-4127", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4127", - "description": "A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:36Z", - "updated_at": "2022-12-28T02:28:36Z", - "pushed_at": "2022-12-28T02:28:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4128.json b/2022/CVE-2022-4128.json deleted file mode 100644 index f4c7cfb193..0000000000 --- a/2022/CVE-2022-4128.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839966, - "name": "CVE-2022-4128", - "full_name": "Live-Hack-CVE\/CVE-2022-4128", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4128", - "description": "A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:24Z", - "updated_at": "2022-12-28T02:29:24Z", - "pushed_at": "2022-12-28T02:29:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4129.json b/2022/CVE-2022-4129.json deleted file mode 100644 index 29f3898bc1..0000000000 --- a/2022/CVE-2022-4129.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817745, - "name": "CVE-2022-4129", - "full_name": "Live-Hack-CVE\/CVE-2022-4129", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4129", - "description": "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:25:03Z", - "updated_at": "2022-12-28T00:25:03Z", - "pushed_at": "2022-12-28T00:25:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41315.json b/2022/CVE-2022-41315.json deleted file mode 100644 index d007be8480..0000000000 --- a/2022/CVE-2022-41315.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873864, - "name": "CVE-2022-41315", - "full_name": "Live-Hack-CVE\/CVE-2022-41315", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41315", - "description": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:43Z", - "updated_at": "2022-12-28T05:23:43Z", - "pushed_at": "2022-12-28T05:23:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41316.json b/2022/CVE-2022-41316.json deleted file mode 100644 index 1e58d7f881..0000000000 --- a/2022/CVE-2022-41316.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818128, - "name": "CVE-2022-41316", - "full_name": "Live-Hack-CVE\/CVE-2022-41316", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41316", - "description": "HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:27:09Z", - "updated_at": "2022-12-28T00:27:09Z", - "pushed_at": "2022-12-28T00:27:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41323.json b/2022/CVE-2022-41323.json deleted file mode 100644 index ccf53104c9..0000000000 --- a/2022/CVE-2022-41323.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848697, - "name": "CVE-2022-41323", - "full_name": "Live-Hack-CVE\/CVE-2022-41323", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41323", - "description": "In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:52Z", - "updated_at": "2022-12-28T03:13:52Z", - "pushed_at": "2022-12-28T03:13:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41326.json b/2022/CVE-2022-41326.json deleted file mode 100644 index f312191338..0000000000 --- a/2022/CVE-2022-41326.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863921, - "name": "CVE-2022-41326", - "full_name": "Live-Hack-CVE\/CVE-2022-41326", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41326", - "description": "The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:16Z", - "updated_at": "2022-12-28T04:34:16Z", - "pushed_at": "2022-12-28T04:34:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41339.json b/2022/CVE-2022-41339.json new file mode 100644 index 0000000000..be9414d1ba --- /dev/null +++ b/2022/CVE-2022-41339.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924174, + "name": "CVE-2022-41339", + "full_name": "Live-Hack-CVE\/CVE-2022-41339", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41339", + "description": "In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:11Z", + "updated_at": "2022-12-28T08:48:11Z", + "pushed_at": "2022-12-28T08:48:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4135.json b/2022/CVE-2022-4135.json deleted file mode 100644 index 030b3a3f65..0000000000 --- a/2022/CVE-2022-4135.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848983, - "name": "CVE-2022-4135", - "full_name": "Live-Hack-CVE\/CVE-2022-4135", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4135", - "description": "Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:15:27Z", - "updated_at": "2022-12-28T03:15:27Z", - "pushed_at": "2022-12-28T03:15:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41352.json b/2022/CVE-2022-41352.json new file mode 100644 index 0000000000..03ab103b0d --- /dev/null +++ b/2022/CVE-2022-41352.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969121, + "name": "CVE-2022-41352", + "full_name": "Live-Hack-CVE\/CVE-2022-41352", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41352", + "description": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to \/opt\/zimbra\/jetty\/webapps\/zimbra\/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prer CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:37Z", + "updated_at": "2022-12-28T11:30:37Z", + "pushed_at": "2022-12-28T11:30:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4136.json b/2022/CVE-2022-4136.json deleted file mode 100644 index 95958673d0..0000000000 --- a/2022/CVE-2022-4136.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841427, - "name": "CVE-2022-4136", - "full_name": "Live-Hack-CVE\/CVE-2022-4136", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4136", - "description": "Dangerous method exposed which can lead to RCE in qmpass\/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:27Z", - "updated_at": "2022-12-28T02:36:27Z", - "pushed_at": "2022-12-28T02:36:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41395.json b/2022/CVE-2022-41395.json deleted file mode 100644 index e1039225a4..0000000000 --- a/2022/CVE-2022-41395.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582842089, - "name": "CVE-2022-41395", - "full_name": "Live-Hack-CVE\/CVE-2022-41395", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41395", - "description": "Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:39:42Z", - "updated_at": "2022-12-28T02:39:42Z", - "pushed_at": "2022-12-28T02:39:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41396.json b/2022/CVE-2022-41396.json deleted file mode 100644 index 70179b8a68..0000000000 --- a/2022/CVE-2022-41396.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582842103, - "name": "CVE-2022-41396", - "full_name": "Live-Hack-CVE\/CVE-2022-41396", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41396", - "description": "Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:39:45Z", - "updated_at": "2022-12-28T02:39:45Z", - "pushed_at": "2022-12-28T02:39:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41404.json b/2022/CVE-2022-41404.json deleted file mode 100644 index d266df4ef8..0000000000 --- a/2022/CVE-2022-41404.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848704, - "name": "CVE-2022-41404", - "full_name": "Live-Hack-CVE\/CVE-2022-41404", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41404", - "description": "An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:55Z", - "updated_at": "2022-12-28T03:13:55Z", - "pushed_at": "2022-12-28T03:13:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41412.json b/2022/CVE-2022-41412.json deleted file mode 100644 index 88a7700d29..0000000000 --- a/2022/CVE-2022-41412.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832592, - "name": "CVE-2022-41412", - "full_name": "Live-Hack-CVE\/CVE-2022-41412", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41412", - "description": "An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:07Z", - "updated_at": "2022-12-28T01:51:07Z", - "pushed_at": "2022-12-28T01:51:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41413.json b/2022/CVE-2022-41413.json deleted file mode 100644 index 80b022ed55..0000000000 --- a/2022/CVE-2022-41413.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832584, - "name": "CVE-2022-41413", - "full_name": "Live-Hack-CVE\/CVE-2022-41413", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41413", - "description": "perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:04Z", - "updated_at": "2022-12-28T01:51:04Z", - "pushed_at": "2022-12-28T01:51:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41432.json b/2022/CVE-2022-41432.json new file mode 100644 index 0000000000..9857ad2ac9 --- /dev/null +++ b/2022/CVE-2022-41432.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981922, + "name": "CVE-2022-41432", + "full_name": "Live-Hack-CVE\/CVE-2022-41432", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41432", + "description": "EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component \/module\/report_event\/index.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:24Z", + "updated_at": "2022-12-28T12:16:24Z", + "pushed_at": "2022-12-28T12:16:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41433.json b/2022/CVE-2022-41433.json new file mode 100644 index 0000000000..733aecc2a7 --- /dev/null +++ b/2022/CVE-2022-41433.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981931, + "name": "CVE-2022-41433", + "full_name": "Live-Hack-CVE\/CVE-2022-41433", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41433", + "description": "EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component \/module\/admin_bp\/add_application.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:28Z", + "updated_at": "2022-12-28T12:16:28Z", + "pushed_at": "2022-12-28T12:16:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41434.json b/2022/CVE-2022-41434.json new file mode 100644 index 0000000000..1020473067 --- /dev/null +++ b/2022/CVE-2022-41434.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981955, + "name": "CVE-2022-41434", + "full_name": "Live-Hack-CVE\/CVE-2022-41434", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41434", + "description": "EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component \/lilac\/main.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:31Z", + "updated_at": "2022-12-28T12:16:31Z", + "pushed_at": "2022-12-28T12:16:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41445.json b/2022/CVE-2022-41445.json deleted file mode 100644 index 1269cc3301..0000000000 --- a/2022/CVE-2022-41445.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864793, - "name": "CVE-2022-41445", - "full_name": "Live-Hack-CVE\/CVE-2022-41445", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41445", - "description": "A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:48Z", - "updated_at": "2022-12-28T04:38:48Z", - "pushed_at": "2022-12-28T04:38:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41446.json b/2022/CVE-2022-41446.json deleted file mode 100644 index d82a584d2e..0000000000 --- a/2022/CVE-2022-41446.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856674, - "name": "CVE-2022-41446", - "full_name": "Live-Hack-CVE\/CVE-2022-41446", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41446", - "description": "An access control issue in \/Admin\/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:07Z", - "updated_at": "2022-12-28T03:56:07Z", - "pushed_at": "2022-12-28T03:56:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41556.json b/2022/CVE-2022-41556.json deleted file mode 100644 index bbd94e4c26..0000000000 --- a/2022/CVE-2022-41556.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819363, - "name": "CVE-2022-41556", - "full_name": "Live-Hack-CVE\/CVE-2022-41556", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41556", - "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP\/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fix CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:34:00Z", - "updated_at": "2022-12-28T00:34:00Z", - "pushed_at": "2022-12-28T00:34:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41568.json b/2022/CVE-2022-41568.json deleted file mode 100644 index 9588362f0b..0000000000 --- a/2022/CVE-2022-41568.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832474, - "name": "CVE-2022-41568", - "full_name": "Live-Hack-CVE\/CVE-2022-41568", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41568", - "description": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:29Z", - "updated_at": "2022-12-28T01:50:29Z", - "pushed_at": "2022-12-28T01:50:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41607.json b/2022/CVE-2022-41607.json new file mode 100644 index 0000000000..1c641c5498 --- /dev/null +++ b/2022/CVE-2022-41607.json @@ -0,0 +1,31 @@ +[ + { + "id": 582933783, + "name": "CVE-2022-41607", + "full_name": "Live-Hack-CVE\/CVE-2022-41607", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41607", + "description": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:23:30Z", + "updated_at": "2022-12-28T09:23:30Z", + "pushed_at": "2022-12-28T09:23:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41611.json b/2022/CVE-2022-41611.json new file mode 100644 index 0000000000..b35ccbc513 --- /dev/null +++ b/2022/CVE-2022-41611.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922818, + "name": "CVE-2022-41611", + "full_name": "Live-Hack-CVE\/CVE-2022-41611", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41611", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:04Z", + "updated_at": "2022-12-28T08:43:04Z", + "pushed_at": "2022-12-28T08:43:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41615.json b/2022/CVE-2022-41615.json deleted file mode 100644 index de54c13f75..0000000000 --- a/2022/CVE-2022-41615.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864596, - "name": "CVE-2022-41615", - "full_name": "Live-Hack-CVE\/CVE-2022-41615", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41615", - "description": "Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:42Z", - "updated_at": "2022-12-28T04:37:42Z", - "pushed_at": "2022-12-28T04:37:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41618.json b/2022/CVE-2022-41618.json deleted file mode 100644 index d9795c2cea..0000000000 --- a/2022/CVE-2022-41618.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856519, - "name": "CVE-2022-41618", - "full_name": "Live-Hack-CVE\/CVE-2022-41618", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41618", - "description": "Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:15Z", - "updated_at": "2022-12-28T03:55:15Z", - "pushed_at": "2022-12-28T03:55:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41634.json b/2022/CVE-2022-41634.json deleted file mode 100644 index 215f55c6d4..0000000000 --- a/2022/CVE-2022-41634.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865081, - "name": "CVE-2022-41634", - "full_name": "Live-Hack-CVE\/CVE-2022-41634", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41634", - "description": "Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:13Z", - "updated_at": "2022-12-28T04:40:13Z", - "pushed_at": "2022-12-28T04:40:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41643.json b/2022/CVE-2022-41643.json deleted file mode 100644 index aa1779eadc..0000000000 --- a/2022/CVE-2022-41643.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865133, - "name": "CVE-2022-41643", - "full_name": "Live-Hack-CVE\/CVE-2022-41643", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41643", - "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:29Z", - "updated_at": "2022-12-28T04:40:29Z", - "pushed_at": "2022-12-28T04:40:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41655.json b/2022/CVE-2022-41655.json deleted file mode 100644 index bf30feafa7..0000000000 --- a/2022/CVE-2022-41655.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865139, - "name": "CVE-2022-41655", - "full_name": "Live-Hack-CVE\/CVE-2022-41655", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41655", - "description": "Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:33Z", - "updated_at": "2022-12-28T04:40:33Z", - "pushed_at": "2022-12-28T04:40:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41669.json b/2022/CVE-2022-41669.json new file mode 100644 index 0000000000..f938d5c712 --- /dev/null +++ b/2022/CVE-2022-41669.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981519, + "name": "CVE-2022-41669", + "full_name": "Live-Hack-CVE\/CVE-2022-41669", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41669", + "description": "A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro- CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:55Z", + "updated_at": "2022-12-28T12:14:55Z", + "pushed_at": "2022-12-28T12:14:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41670.json b/2022/CVE-2022-41670.json new file mode 100644 index 0000000000..d23d721d67 --- /dev/null +++ b/2022/CVE-2022-41670.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981495, + "name": "CVE-2022-41670", + "full_name": "Live-Hack-CVE\/CVE-2022-41670", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41670", + "description": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3 CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:51Z", + "updated_at": "2022-12-28T12:14:51Z", + "pushed_at": "2022-12-28T12:14:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41671.json b/2022/CVE-2022-41671.json new file mode 100644 index 0000000000..67f236cc7d --- /dev/null +++ b/2022/CVE-2022-41671.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981476, + "name": "CVE-2022-41671", + "full_name": "Live-Hack-CVE\/CVE-2022-41671", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41671", + "description": "A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Op CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:47Z", + "updated_at": "2022-12-28T12:14:47Z", + "pushed_at": "2022-12-28T12:14:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41675.json b/2022/CVE-2022-41675.json deleted file mode 100644 index 10d6b586d9..0000000000 --- a/2022/CVE-2022-41675.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840352, - "name": "CVE-2022-41675", - "full_name": "Live-Hack-CVE\/CVE-2022-41675", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41675", - "description": "A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:08Z", - "updated_at": "2022-12-28T02:31:08Z", - "pushed_at": "2022-12-28T02:31:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41676.json b/2022/CVE-2022-41676.json deleted file mode 100644 index 79b280f5a7..0000000000 --- a/2022/CVE-2022-41676.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840422, - "name": "CVE-2022-41676", - "full_name": "Live-Hack-CVE\/CVE-2022-41676", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41676", - "description": "Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:28Z", - "updated_at": "2022-12-28T02:31:28Z", - "pushed_at": "2022-12-28T02:31:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41685.json b/2022/CVE-2022-41685.json deleted file mode 100644 index 6237b58052..0000000000 --- a/2022/CVE-2022-41685.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865233, - "name": "CVE-2022-41685", - "full_name": "Live-Hack-CVE\/CVE-2022-41685", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41685", - "description": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:03Z", - "updated_at": "2022-12-28T04:41:03Z", - "pushed_at": "2022-12-28T04:41:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4169.json b/2022/CVE-2022-4169.json deleted file mode 100644 index 7da9ac703f..0000000000 --- a/2022/CVE-2022-4169.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833218, - "name": "CVE-2022-4169", - "full_name": "Live-Hack-CVE\/CVE-2022-4169", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4169", - "description": "The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settin CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:36Z", - "updated_at": "2022-12-28T01:54:36Z", - "pushed_at": "2022-12-28T01:54:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41705.json b/2022/CVE-2022-41705.json deleted file mode 100644 index efd2b23dc7..0000000000 --- a/2022/CVE-2022-41705.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841697, - "name": "CVE-2022-41705", - "full_name": "Live-Hack-CVE\/CVE-2022-41705", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41705", - "description": "Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:56Z", - "updated_at": "2022-12-28T02:37:56Z", - "pushed_at": "2022-12-28T02:37:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41706.json b/2022/CVE-2022-41706.json deleted file mode 100644 index ec0ba66ee1..0000000000 --- a/2022/CVE-2022-41706.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840362, - "name": "CVE-2022-41706", - "full_name": "Live-Hack-CVE\/CVE-2022-41706", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41706", - "description": "Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:11Z", - "updated_at": "2022-12-28T02:31:11Z", - "pushed_at": "2022-12-28T02:31:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41712.json b/2022/CVE-2022-41712.json deleted file mode 100644 index b723e01fe1..0000000000 --- a/2022/CVE-2022-41712.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841738, - "name": "CVE-2022-41712", - "full_name": "Live-Hack-CVE\/CVE-2022-41712", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41712", - "description": "Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:07Z", - "updated_at": "2022-12-28T02:38:07Z", - "pushed_at": "2022-12-28T02:38:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41719.json b/2022/CVE-2022-41719.json new file mode 100644 index 0000000000..245bee3049 --- /dev/null +++ b/2022/CVE-2022-41719.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935968, + "name": "CVE-2022-41719", + "full_name": "Live-Hack-CVE\/CVE-2022-41719", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41719", + "description": "Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:40Z", + "updated_at": "2022-12-28T09:30:40Z", + "pushed_at": "2022-12-28T09:30:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41732.json b/2022/CVE-2022-41732.json deleted file mode 100644 index 16676ba5d8..0000000000 --- a/2022/CVE-2022-41732.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833287, - "name": "CVE-2022-41732", - "full_name": "Live-Hack-CVE\/CVE-2022-41732", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41732", - "description": "IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:50Z", - "updated_at": "2022-12-28T01:54:50Z", - "pushed_at": "2022-12-28T01:54:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4174.json b/2022/CVE-2022-4174.json deleted file mode 100644 index 78f7f08a54..0000000000 --- a/2022/CVE-2022-4174.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832864, - "name": "CVE-2022-4174", - "full_name": "Live-Hack-CVE\/CVE-2022-4174", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4174", - "description": "Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:39Z", - "updated_at": "2022-12-28T01:52:39Z", - "pushed_at": "2022-12-28T01:52:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41741.json b/2022/CVE-2022-41741.json deleted file mode 100644 index fc08570bfe..0000000000 --- a/2022/CVE-2022-41741.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819180, - "name": "CVE-2022-41741", - "full_name": "Live-Hack-CVE\/CVE-2022-41741", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41741", - "description": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or p CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:01Z", - "updated_at": "2022-12-28T00:33:01Z", - "pushed_at": "2022-12-28T00:33:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41742.json b/2022/CVE-2022-41742.json deleted file mode 100644 index 1feeb45eb5..0000000000 --- a/2022/CVE-2022-41742.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871985, - "name": "CVE-2022-41742", - "full_name": "Live-Hack-CVE\/CVE-2022-41742", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41742", - "description": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker proces CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:34Z", - "updated_at": "2022-12-28T05:15:34Z", - "pushed_at": "2022-12-28T05:15:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4175.json b/2022/CVE-2022-4175.json deleted file mode 100644 index 41afca6b05..0000000000 --- a/2022/CVE-2022-4175.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832875, - "name": "CVE-2022-4175", - "full_name": "Live-Hack-CVE\/CVE-2022-4175", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4175", - "description": "Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:43Z", - "updated_at": "2022-12-28T01:52:43Z", - "pushed_at": "2022-12-28T01:52:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41751.json b/2022/CVE-2022-41751.json deleted file mode 100644 index 81b798605b..0000000000 --- a/2022/CVE-2022-41751.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817732, - "name": "CVE-2022-41751", - "full_name": "Live-Hack-CVE\/CVE-2022-41751", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41751", - "description": "Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:59Z", - "updated_at": "2022-12-28T00:24:59Z", - "pushed_at": "2022-12-28T00:25:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41757.json b/2022/CVE-2022-41757.json new file mode 100644 index 0000000000..a2e391526d --- /dev/null +++ b/2022/CVE-2022-41757.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969755, + "name": "CVE-2022-41757", + "full_name": "Live-Hack-CVE\/CVE-2022-41757", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41757", + "description": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:59Z", + "updated_at": "2022-12-28T11:32:59Z", + "pushed_at": "2022-12-28T11:33:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4176.json b/2022/CVE-2022-4176.json deleted file mode 100644 index 4d2a53d457..0000000000 --- a/2022/CVE-2022-4176.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832881, - "name": "CVE-2022-4176", - "full_name": "Live-Hack-CVE\/CVE-2022-4176", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4176", - "description": "Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:47Z", - "updated_at": "2022-12-28T01:52:47Z", - "pushed_at": "2022-12-28T01:52:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4177.json b/2022/CVE-2022-4177.json deleted file mode 100644 index 8b45ebe2a1..0000000000 --- a/2022/CVE-2022-4177.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832763, - "name": "CVE-2022-4177", - "full_name": "Live-Hack-CVE\/CVE-2022-4177", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4177", - "description": "Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:08Z", - "updated_at": "2022-12-28T01:52:09Z", - "pushed_at": "2022-12-28T01:52:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41775.json b/2022/CVE-2022-41775.json new file mode 100644 index 0000000000..723704f267 --- /dev/null +++ b/2022/CVE-2022-41775.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891800, + "name": "CVE-2022-41775", + "full_name": "Live-Hack-CVE\/CVE-2022-41775", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41775", + "description": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:50Z", + "updated_at": "2022-12-28T06:40:50Z", + "pushed_at": "2022-12-28T06:40:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4178.json b/2022/CVE-2022-4178.json deleted file mode 100644 index 0e7ea2f94d..0000000000 --- a/2022/CVE-2022-4178.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832777, - "name": "CVE-2022-4178", - "full_name": "Live-Hack-CVE\/CVE-2022-4178", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4178", - "description": "Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:12Z", - "updated_at": "2022-12-28T01:52:12Z", - "pushed_at": "2022-12-28T01:52:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41788.json b/2022/CVE-2022-41788.json deleted file mode 100644 index 785d5559a9..0000000000 --- a/2022/CVE-2022-41788.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865513, - "name": "CVE-2022-41788", - "full_name": "Live-Hack-CVE\/CVE-2022-41788", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41788", - "description": "Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:33Z", - "updated_at": "2022-12-28T04:42:33Z", - "pushed_at": "2022-12-28T04:42:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41789.json b/2022/CVE-2022-41789.json new file mode 100644 index 0000000000..82943b7b91 --- /dev/null +++ b/2022/CVE-2022-41789.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922896, + "name": "CVE-2022-41789", + "full_name": "Live-Hack-CVE\/CVE-2022-41789", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41789", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:22Z", + "updated_at": "2022-12-28T08:43:22Z", + "pushed_at": "2022-12-28T08:43:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4179.json b/2022/CVE-2022-4179.json deleted file mode 100644 index bb43f499fb..0000000000 --- a/2022/CVE-2022-4179.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832801, - "name": "CVE-2022-4179", - "full_name": "Live-Hack-CVE\/CVE-2022-4179", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4179", - "description": "Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:20Z", - "updated_at": "2022-12-28T01:52:20Z", - "pushed_at": "2022-12-28T01:52:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41791.json b/2022/CVE-2022-41791.json deleted file mode 100644 index a693c35b1e..0000000000 --- a/2022/CVE-2022-41791.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873904, - "name": "CVE-2022-41791", - "full_name": "Live-Hack-CVE\/CVE-2022-41791", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41791", - "description": "Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:23:56Z", - "updated_at": "2022-12-28T05:23:56Z", - "pushed_at": "2022-12-28T05:23:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4180.json b/2022/CVE-2022-4180.json deleted file mode 100644 index bf015123b9..0000000000 --- a/2022/CVE-2022-4180.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832785, - "name": "CVE-2022-4180", - "full_name": "Live-Hack-CVE\/CVE-2022-4180", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4180", - "description": "Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:16Z", - "updated_at": "2022-12-28T01:52:16Z", - "pushed_at": "2022-12-28T01:52:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4181.json b/2022/CVE-2022-4181.json deleted file mode 100644 index 0e7ce8d642..0000000000 --- a/2022/CVE-2022-4181.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832812, - "name": "CVE-2022-4181", - "full_name": "Live-Hack-CVE\/CVE-2022-4181", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4181", - "description": "Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:24Z", - "updated_at": "2022-12-28T01:52:24Z", - "pushed_at": "2022-12-28T01:52:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41814.json b/2022/CVE-2022-41814.json new file mode 100644 index 0000000000..57223b2629 --- /dev/null +++ b/2022/CVE-2022-41814.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922865, + "name": "CVE-2022-41814", + "full_name": "Live-Hack-CVE\/CVE-2022-41814", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41814", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:16Z", + "updated_at": "2022-12-28T08:43:16Z", + "pushed_at": "2022-12-28T08:43:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4182.json b/2022/CVE-2022-4182.json deleted file mode 100644 index 5fedc05a0f..0000000000 --- a/2022/CVE-2022-4182.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832822, - "name": "CVE-2022-4182", - "full_name": "Live-Hack-CVE\/CVE-2022-4182", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4182", - "description": "Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:28Z", - "updated_at": "2022-12-28T01:52:28Z", - "pushed_at": "2022-12-28T01:52:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4183.json b/2022/CVE-2022-4183.json deleted file mode 100644 index 886944c1a1..0000000000 --- a/2022/CVE-2022-4183.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832832, - "name": "CVE-2022-4183", - "full_name": "Live-Hack-CVE\/CVE-2022-4183", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4183", - "description": "Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:31Z", - "updated_at": "2022-12-28T01:52:31Z", - "pushed_at": "2022-12-28T01:52:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41839.json b/2022/CVE-2022-41839.json deleted file mode 100644 index 713b431e48..0000000000 --- a/2022/CVE-2022-41839.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872357, - "name": "CVE-2022-41839", - "full_name": "Live-Hack-CVE\/CVE-2022-41839", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41839", - "description": "Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:14Z", - "updated_at": "2022-12-28T05:17:14Z", - "pushed_at": "2022-12-28T05:17:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4184.json b/2022/CVE-2022-4184.json deleted file mode 100644 index 0e1ddce1d3..0000000000 --- a/2022/CVE-2022-4184.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832846, - "name": "CVE-2022-4184", - "full_name": "Live-Hack-CVE\/CVE-2022-4184", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4184", - "description": "Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:35Z", - "updated_at": "2022-12-28T01:52:35Z", - "pushed_at": "2022-12-28T01:52:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4185.json b/2022/CVE-2022-4185.json deleted file mode 100644 index 82bb95a2ad..0000000000 --- a/2022/CVE-2022-4185.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832893, - "name": "CVE-2022-4185", - "full_name": "Live-Hack-CVE\/CVE-2022-4185", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4185", - "description": "Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:50Z", - "updated_at": "2022-12-28T01:52:50Z", - "pushed_at": "2022-12-28T01:52:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4186.json b/2022/CVE-2022-4186.json deleted file mode 100644 index 303b4a2f46..0000000000 --- a/2022/CVE-2022-4186.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832903, - "name": "CVE-2022-4186", - "full_name": "Live-Hack-CVE\/CVE-2022-4186", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4186", - "description": "Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:54Z", - "updated_at": "2022-12-28T01:52:54Z", - "pushed_at": "2022-12-28T01:52:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4187.json b/2022/CVE-2022-4187.json deleted file mode 100644 index ca53dd10ff..0000000000 --- a/2022/CVE-2022-4187.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832926, - "name": "CVE-2022-4187", - "full_name": "Live-Hack-CVE\/CVE-2022-4187", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4187", - "description": "Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:58Z", - "updated_at": "2022-12-28T01:52:58Z", - "pushed_at": "2022-12-28T01:53:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41873.json b/2022/CVE-2022-41873.json new file mode 100644 index 0000000000..f7e5242523 --- /dev/null +++ b/2022/CVE-2022-41873.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901289, + "name": "CVE-2022-41873", + "full_name": "Live-Hack-CVE\/CVE-2022-41873", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41873", + "description": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:19:25Z", + "updated_at": "2022-12-28T07:19:25Z", + "pushed_at": "2022-12-28T07:19:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41874.json b/2022/CVE-2022-41874.json new file mode 100644 index 0000000000..dabefce5df --- /dev/null +++ b/2022/CVE-2022-41874.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936150, + "name": "CVE-2022-41874", + "full_name": "Live-Hack-CVE\/CVE-2022-41874", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41874", + "description": "Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:19Z", + "updated_at": "2022-12-28T09:31:19Z", + "pushed_at": "2022-12-28T09:31:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41875.json b/2022/CVE-2022-41875.json deleted file mode 100644 index 71f54bed4f..0000000000 --- a/2022/CVE-2022-41875.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841728, - "name": "CVE-2022-41875", - "full_name": "Live-Hack-CVE\/CVE-2022-41875", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41875", - "description": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:03Z", - "updated_at": "2022-12-28T02:38:03Z", - "pushed_at": "2022-12-28T02:38:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41876.json b/2022/CVE-2022-41876.json new file mode 100644 index 0000000000..6f8e928e6b --- /dev/null +++ b/2022/CVE-2022-41876.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936169, + "name": "CVE-2022-41876", + "full_name": "Live-Hack-CVE\/CVE-2022-41876", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41876", + "description": "ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:23Z", + "updated_at": "2022-12-28T09:31:23Z", + "pushed_at": "2022-12-28T09:31:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41878.json b/2022/CVE-2022-41878.json new file mode 100644 index 0000000000..864dc1948e --- /dev/null +++ b/2022/CVE-2022-41878.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936216, + "name": "CVE-2022-41878", + "full_name": "Live-Hack-CVE\/CVE-2022-41878", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41878", + "description": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:34Z", + "updated_at": "2022-12-28T09:31:34Z", + "pushed_at": "2022-12-28T09:31:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41879.json b/2022/CVE-2022-41879.json new file mode 100644 index 0000000000..78674fd642 --- /dev/null +++ b/2022/CVE-2022-41879.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936307, + "name": "CVE-2022-41879", + "full_name": "Live-Hack-CVE\/CVE-2022-41879", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41879", + "description": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issu CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:52Z", + "updated_at": "2022-12-28T09:31:53Z", + "pushed_at": "2022-12-28T09:31:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4188.json b/2022/CVE-2022-4188.json deleted file mode 100644 index 545b3bafe6..0000000000 --- a/2022/CVE-2022-4188.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832935, - "name": "CVE-2022-4188", - "full_name": "Live-Hack-CVE\/CVE-2022-4188", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4188", - "description": "Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:02Z", - "updated_at": "2022-12-28T01:53:02Z", - "pushed_at": "2022-12-28T01:53:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41880.json b/2022/CVE-2022-41880.json deleted file mode 100644 index d1643157b2..0000000000 --- a/2022/CVE-2022-41880.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872058, - "name": "CVE-2022-41880", - "full_name": "Live-Hack-CVE\/CVE-2022-41880", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41880", - "description": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:51Z", - "updated_at": "2022-12-28T05:15:51Z", - "pushed_at": "2022-12-28T05:15:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41882.json b/2022/CVE-2022-41882.json new file mode 100644 index 0000000000..dd74e4d152 --- /dev/null +++ b/2022/CVE-2022-41882.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924723, + "name": "CVE-2022-41882", + "full_name": "Live-Hack-CVE\/CVE-2022-41882", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41882", + "description": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc:\/\/open\/ link it will open the default editor for the file type of the shared file CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:50:21Z", + "updated_at": "2022-12-28T08:50:21Z", + "pushed_at": "2022-12-28T08:50:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41883.json b/2022/CVE-2022-41883.json deleted file mode 100644 index 38d84dc316..0000000000 --- a/2022/CVE-2022-41883.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865054, - "name": "CVE-2022-41883", - "full_name": "Live-Hack-CVE\/CVE-2022-41883", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41883", - "description": "TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick th CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:06Z", - "updated_at": "2022-12-28T04:40:06Z", - "pushed_at": "2022-12-28T04:40:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41884.json b/2022/CVE-2022-41884.json deleted file mode 100644 index e34c06d277..0000000000 --- a/2022/CVE-2022-41884.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872039, - "name": "CVE-2022-41884", - "full_name": "Live-Hack-CVE\/CVE-2022-41884", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41884", - "description": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:47Z", - "updated_at": "2022-12-28T05:15:47Z", - "pushed_at": "2022-12-28T05:15:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41885.json b/2022/CVE-2022-41885.json deleted file mode 100644 index 02bb897053..0000000000 --- a/2022/CVE-2022-41885.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865146, - "name": "CVE-2022-41885", - "full_name": "Live-Hack-CVE\/CVE-2022-41885", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41885", - "description": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on Tens CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:36Z", - "updated_at": "2022-12-28T04:40:36Z", - "pushed_at": "2022-12-28T04:40:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41886.json b/2022/CVE-2022-41886.json deleted file mode 100644 index c263f5f0f2..0000000000 --- a/2022/CVE-2022-41886.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872024, - "name": "CVE-2022-41886", - "full_name": "Live-Hack-CVE\/CVE-2022-41886", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41886", - "description": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on T CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:44Z", - "updated_at": "2022-12-28T05:15:44Z", - "pushed_at": "2022-12-28T05:15:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41887.json b/2022/CVE-2022-41887.json deleted file mode 100644 index 7874655c7a..0000000000 --- a/2022/CVE-2022-41887.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872010, - "name": "CVE-2022-41887", - "full_name": "Live-Hack-CVE\/CVE-2022-41887", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41887", - "description": "TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issu CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:40Z", - "updated_at": "2022-12-28T05:15:40Z", - "pushed_at": "2022-12-28T05:15:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41888.json b/2022/CVE-2022-41888.json deleted file mode 100644 index ade4c1d0e7..0000000000 --- a/2022/CVE-2022-41888.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872113, - "name": "CVE-2022-41888", - "full_name": "Live-Hack-CVE\/CVE-2022-41888", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41888", - "description": "TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.1 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:05Z", - "updated_at": "2022-12-28T05:16:05Z", - "pushed_at": "2022-12-28T05:16:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41889.json b/2022/CVE-2022-41889.json deleted file mode 100644 index e9c9763c9f..0000000000 --- a/2022/CVE-2022-41889.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872096, - "name": "CVE-2022-41889", - "full_name": "Live-Hack-CVE\/CVE-2022-41889", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41889", - "description": "TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:01Z", - "updated_at": "2022-12-28T05:16:01Z", - "pushed_at": "2022-12-28T05:16:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4189.json b/2022/CVE-2022-4189.json deleted file mode 100644 index 099d3e7285..0000000000 --- a/2022/CVE-2022-4189.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832946, - "name": "CVE-2022-4189", - "full_name": "Live-Hack-CVE\/CVE-2022-4189", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4189", - "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:06Z", - "updated_at": "2022-12-28T01:53:06Z", - "pushed_at": "2022-12-28T01:53:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41890.json b/2022/CVE-2022-41890.json deleted file mode 100644 index 4d2412d532..0000000000 --- a/2022/CVE-2022-41890.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872085, - "name": "CVE-2022-41890", - "full_name": "Live-Hack-CVE\/CVE-2022-41890", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41890", - "description": "TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:58Z", - "updated_at": "2022-12-28T05:15:58Z", - "pushed_at": "2022-12-28T05:16:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41891.json b/2022/CVE-2022-41891.json deleted file mode 100644 index 7242728884..0000000000 --- a/2022/CVE-2022-41891.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872071, - "name": "CVE-2022-41891", - "full_name": "Live-Hack-CVE\/CVE-2022-41891", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41891", - "description": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included i CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:54Z", - "updated_at": "2022-12-28T05:15:54Z", - "pushed_at": "2022-12-28T05:15:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41892.json b/2022/CVE-2022-41892.json new file mode 100644 index 0000000000..9f6322dfb9 --- /dev/null +++ b/2022/CVE-2022-41892.json @@ -0,0 +1,31 @@ +[ + { + "id": 582935583, + "name": "CVE-2022-41892", + "full_name": "Live-Hack-CVE\/CVE-2022-41892", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41892", + "description": "Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:29:27Z", + "updated_at": "2022-12-28T09:29:27Z", + "pushed_at": "2022-12-28T09:29:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41893.json b/2022/CVE-2022-41893.json deleted file mode 100644 index 3b593dca21..0000000000 --- a/2022/CVE-2022-41893.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872271, - "name": "CVE-2022-41893", - "full_name": "Live-Hack-CVE\/CVE-2022-41893", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41893", - "description": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:51Z", - "updated_at": "2022-12-28T05:16:51Z", - "pushed_at": "2022-12-28T05:16:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41894.json b/2022/CVE-2022-41894.json deleted file mode 100644 index 33284809cd..0000000000 --- a/2022/CVE-2022-41894.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872244, - "name": "CVE-2022-41894", - "full_name": "Live-Hack-CVE\/CVE-2022-41894", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41894", - "description": "TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channe CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:44Z", - "updated_at": "2022-12-28T05:16:44Z", - "pushed_at": "2022-12-28T05:16:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41895.json b/2022/CVE-2022-41895.json deleted file mode 100644 index 6033a2bc4d..0000000000 --- a/2022/CVE-2022-41895.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872195, - "name": "CVE-2022-41895", - "full_name": "Live-Hack-CVE\/CVE-2022-41895", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41895", - "description": "TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit o CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:30Z", - "updated_at": "2022-12-28T05:16:31Z", - "pushed_at": "2022-12-28T05:16:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41896.json b/2022/CVE-2022-41896.json deleted file mode 100644 index 05cb25c8f1..0000000000 --- a/2022/CVE-2022-41896.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872434, - "name": "CVE-2022-41896", - "full_name": "Live-Hack-CVE\/CVE-2022-41896", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41896", - "description": "TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in Tensor CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:38Z", - "updated_at": "2022-12-28T05:17:38Z", - "pushed_at": "2022-12-28T05:17:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41897.json b/2022/CVE-2022-41897.json deleted file mode 100644 index 5d476b7cfc..0000000000 --- a/2022/CVE-2022-41897.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872426, - "name": "CVE-2022-41897", - "full_name": "Live-Hack-CVE\/CVE-2022-41897", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41897", - "description": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:35Z", - "updated_at": "2022-12-28T05:17:35Z", - "pushed_at": "2022-12-28T05:17:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41898.json b/2022/CVE-2022-41898.json deleted file mode 100644 index b1ddd722fa..0000000000 --- a/2022/CVE-2022-41898.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872219, - "name": "CVE-2022-41898", - "full_name": "Live-Hack-CVE\/CVE-2022-41898", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41898", - "description": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:37Z", - "updated_at": "2022-12-28T05:16:37Z", - "pushed_at": "2022-12-28T05:16:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41899.json b/2022/CVE-2022-41899.json deleted file mode 100644 index 975567c951..0000000000 --- a/2022/CVE-2022-41899.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871928, - "name": "CVE-2022-41899", - "full_name": "Live-Hack-CVE\/CVE-2022-41899", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41899", - "description": "TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherryp CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:16Z", - "updated_at": "2022-12-28T05:15:16Z", - "pushed_at": "2022-12-28T05:15:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4190.json b/2022/CVE-2022-4190.json deleted file mode 100644 index a0f20c7311..0000000000 --- a/2022/CVE-2022-4190.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832954, - "name": "CVE-2022-4190", - "full_name": "Live-Hack-CVE\/CVE-2022-4190", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4190", - "description": "Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:10Z", - "updated_at": "2022-12-28T01:53:10Z", - "pushed_at": "2022-12-28T01:53:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41900.json b/2022/CVE-2022-41900.json deleted file mode 100644 index df740baef6..0000000000 --- a/2022/CVE-2022-41900.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871916, - "name": "CVE-2022-41900", - "full_name": "Live-Hack-CVE\/CVE-2022-41900", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41900", - "description": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:13Z", - "updated_at": "2022-12-28T05:15:13Z", - "pushed_at": "2022-12-28T05:15:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41901.json b/2022/CVE-2022-41901.json deleted file mode 100644 index dc022f0640..0000000000 --- a/2022/CVE-2022-41901.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871905, - "name": "CVE-2022-41901", - "full_name": "Live-Hack-CVE\/CVE-2022-41901", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41901", - "description": "TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:10Z", - "updated_at": "2022-12-28T05:15:10Z", - "pushed_at": "2022-12-28T05:15:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41904.json b/2022/CVE-2022-41904.json new file mode 100644 index 0000000000..45ae3b6373 --- /dev/null +++ b/2022/CVE-2022-41904.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924599, + "name": "CVE-2022-41904", + "full_name": "Live-Hack-CVE\/CVE-2022-41904", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41904", + "description": "Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the use CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:54Z", + "updated_at": "2022-12-28T08:49:54Z", + "pushed_at": "2022-12-28T08:49:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41905.json b/2022/CVE-2022-41905.json new file mode 100644 index 0000000000..7214517a70 --- /dev/null +++ b/2022/CVE-2022-41905.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924015, + "name": "CVE-2022-41905", + "full_name": "Live-Hack-CVE\/CVE-2022-41905", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41905", + "description": "WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configur CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:33Z", + "updated_at": "2022-12-28T08:47:33Z", + "pushed_at": "2022-12-28T08:47:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41906.json b/2022/CVE-2022-41906.json new file mode 100644 index 0000000000..b989264203 --- /dev/null +++ b/2022/CVE-2022-41906.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924389, + "name": "CVE-2022-41906", + "full_name": "Live-Hack-CVE\/CVE-2022-41906", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41906", + "description": "OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening servic CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:49:00Z", + "updated_at": "2022-12-28T08:49:00Z", + "pushed_at": "2022-12-28T08:49:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41907.json b/2022/CVE-2022-41907.json deleted file mode 100644 index 14ba049df5..0000000000 --- a/2022/CVE-2022-41907.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871892, - "name": "CVE-2022-41907", - "full_name": "Live-Hack-CVE\/CVE-2022-41907", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41907", - "description": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on Te CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:06Z", - "updated_at": "2022-12-28T05:15:06Z", - "pushed_at": "2022-12-28T05:15:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41908.json b/2022/CVE-2022-41908.json deleted file mode 100644 index 5e15778a95..0000000000 --- a/2022/CVE-2022-41908.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871868, - "name": "CVE-2022-41908", - "full_name": "Live-Hack-CVE\/CVE-2022-41908", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41908", - "description": "TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this c CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:14:59Z", - "updated_at": "2022-12-28T05:14:59Z", - "pushed_at": "2022-12-28T05:15:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41909.json b/2022/CVE-2022-41909.json deleted file mode 100644 index 320ab4d0f2..0000000000 --- a/2022/CVE-2022-41909.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865258, - "name": "CVE-2022-41909", - "full_name": "Live-Hack-CVE\/CVE-2022-41909", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41909", - "description": "TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:10Z", - "updated_at": "2022-12-28T04:41:10Z", - "pushed_at": "2022-12-28T04:41:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4191.json b/2022/CVE-2022-4191.json deleted file mode 100644 index d3c744adb9..0000000000 --- a/2022/CVE-2022-4191.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832965, - "name": "CVE-2022-4191", - "full_name": "Live-Hack-CVE\/CVE-2022-4191", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4191", - "description": "Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:14Z", - "updated_at": "2022-12-28T01:53:14Z", - "pushed_at": "2022-12-28T01:53:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41911.json b/2022/CVE-2022-41911.json deleted file mode 100644 index b3df99cd7c..0000000000 --- a/2022/CVE-2022-41911.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865244, - "name": "CVE-2022-41911", - "full_name": "Live-Hack-CVE\/CVE-2022-41911", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41911", - "description": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers\/fuzzers CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:07Z", - "updated_at": "2022-12-28T04:41:07Z", - "pushed_at": "2022-12-28T04:41:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41912.json b/2022/CVE-2022-41912.json deleted file mode 100644 index a73f4ae5ac..0000000000 --- a/2022/CVE-2022-41912.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833760, - "name": "CVE-2022-41912", - "full_name": "Live-Hack-CVE\/CVE-2022-41912", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41912", - "description": "The crewjam\/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:14Z", - "updated_at": "2022-12-28T01:57:14Z", - "pushed_at": "2022-12-28T01:57:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41913.json b/2022/CVE-2022-41913.json new file mode 100644 index 0000000000..68ee4fbfb4 --- /dev/null +++ b/2022/CVE-2022-41913.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902955, + "name": "CVE-2022-41913", + "full_name": "Live-Hack-CVE\/CVE-2022-41913", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41913", + "description": "Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which h CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:25:54Z", + "updated_at": "2022-12-28T07:25:54Z", + "pushed_at": "2022-12-28T07:25:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41914.json b/2022/CVE-2022-41914.json deleted file mode 100644 index 023a59c623..0000000000 --- a/2022/CVE-2022-41914.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874243, - "name": "CVE-2022-41914", - "full_name": "Live-Hack-CVE\/CVE-2022-41914", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41914", - "description": "Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an atta CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:21Z", - "updated_at": "2022-12-28T05:25:21Z", - "pushed_at": "2022-12-28T05:25:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41916.json b/2022/CVE-2022-41916.json deleted file mode 100644 index 59ee967f4f..0000000000 --- a/2022/CVE-2022-41916.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582855974, - "name": "CVE-2022-41916", - "full_name": "Live-Hack-CVE\/CVE-2022-41916", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41916", - "description": "Heimdal is an implementation of ASN.1\/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users shoul CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:52:06Z", - "updated_at": "2022-12-28T03:52:06Z", - "pushed_at": "2022-12-28T03:52:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41917.json b/2022/CVE-2022-41917.json new file mode 100644 index 0000000000..9ba9a3019d --- /dev/null +++ b/2022/CVE-2022-41917.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890962, + "name": "CVE-2022-41917", + "full_name": "Live-Hack-CVE\/CVE-2022-41917", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41917", + "description": "OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the firs CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:35Z", + "updated_at": "2022-12-28T06:37:35Z", + "pushed_at": "2022-12-28T06:37:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41919.json b/2022/CVE-2022-41919.json deleted file mode 100644 index 0e5add4c98..0000000000 --- a/2022/CVE-2022-41919.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863748, - "name": "CVE-2022-41919", - "full_name": "Live-Hack-CVE\/CVE-2022-41919", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41919", - "description": "Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as \"application\/x-www-form-urlencoded\", \"multipart\/form-data\", or \"text\/plain\", could potentially be CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:31Z", - "updated_at": "2022-12-28T04:33:31Z", - "pushed_at": "2022-12-28T04:33:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4192.json b/2022/CVE-2022-4192.json deleted file mode 100644 index 9c30cf5e6d..0000000000 --- a/2022/CVE-2022-4192.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832984, - "name": "CVE-2022-4192", - "full_name": "Live-Hack-CVE\/CVE-2022-4192", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4192", - "description": "Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:22Z", - "updated_at": "2022-12-28T01:53:22Z", - "pushed_at": "2022-12-28T01:53:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41920.json b/2022/CVE-2022-41920.json deleted file mode 100644 index 0762c570d3..0000000000 --- a/2022/CVE-2022-41920.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872557, - "name": "CVE-2022-41920", - "full_name": "Live-Hack-CVE\/CVE-2022-41920", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41920", - "description": "Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for th CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:08Z", - "updated_at": "2022-12-28T05:18:08Z", - "pushed_at": "2022-12-28T05:18:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41921.json b/2022/CVE-2022-41921.json deleted file mode 100644 index 46ca07a9dc..0000000000 --- a/2022/CVE-2022-41921.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833840, - "name": "CVE-2022-41921", - "full_name": "Live-Hack-CVE\/CVE-2022-41921", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41921", - "description": "Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workaround CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:39Z", - "updated_at": "2022-12-28T01:57:39Z", - "pushed_at": "2022-12-28T01:57:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41922.json b/2022/CVE-2022-41922.json deleted file mode 100644 index 8e737dd251..0000000000 --- a/2022/CVE-2022-41922.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582842046, - "name": "CVE-2022-41922", - "full_name": "Live-Hack-CVE\/CVE-2022-41922", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41922", - "description": "`yiisoft\/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:39:32Z", - "updated_at": "2022-12-28T02:39:32Z", - "pushed_at": "2022-12-28T02:39:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41923.json b/2022/CVE-2022-41923.json deleted file mode 100644 index 0555834e19..0000000000 --- a/2022/CVE-2022-41923.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840395, - "name": "CVE-2022-41923", - "full_name": "Live-Hack-CVE\/CVE-2022-41923", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41923", - "description": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoin CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:21Z", - "updated_at": "2022-12-28T02:31:21Z", - "pushed_at": "2022-12-28T02:31:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41924.json b/2022/CVE-2022-41924.json deleted file mode 100644 index 8311bdf14f..0000000000 --- a/2022/CVE-2022-41924.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840381, - "name": "CVE-2022-41924", - "full_name": "Live-Hack-CVE\/CVE-2022-41924", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41924", - "description": "A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in clearte CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:18Z", - "updated_at": "2022-12-28T02:31:18Z", - "pushed_at": "2022-12-28T02:31:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41925.json b/2022/CVE-2022-41925.json deleted file mode 100644 index bdfe1d5c2d..0000000000 --- a/2022/CVE-2022-41925.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840311, - "name": "CVE-2022-41925", - "full_name": "Live-Hack-CVE\/CVE-2022-41925", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41925", - "description": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:30:54Z", - "updated_at": "2022-12-28T02:30:54Z", - "pushed_at": "2022-12-28T02:30:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41926.json b/2022/CVE-2022-41926.json deleted file mode 100644 index b0c498a59c..0000000000 --- a/2022/CVE-2022-41926.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840439, - "name": "CVE-2022-41926", - "full_name": "Live-Hack-CVE\/CVE-2022-41926", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41926", - "description": "Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds f CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:36Z", - "updated_at": "2022-12-28T02:31:36Z", - "pushed_at": "2022-12-28T02:31:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41927.json b/2022/CVE-2022-41927.json deleted file mode 100644 index f67bce940d..0000000000 --- a/2022/CVE-2022-41927.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841690, - "name": "CVE-2022-41927", - "full_name": "Live-Hack-CVE\/CVE-2022-41927", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41927", - "description": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add t CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:53Z", - "updated_at": "2022-12-28T02:37:53Z", - "pushed_at": "2022-12-28T02:37:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41928.json b/2022/CVE-2022-41928.json deleted file mode 100644 index db12088c15..0000000000 --- a/2022/CVE-2022-41928.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841641, - "name": "CVE-2022-41928", - "full_name": "Live-Hack-CVE\/CVE-2022-41928", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41928", - "description": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The i CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:39Z", - "updated_at": "2022-12-28T02:37:39Z", - "pushed_at": "2022-12-28T02:37:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41929.json b/2022/CVE-2022-41929.json deleted file mode 100644 index 2962b27823..0000000000 --- a/2022/CVE-2022-41929.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841631, - "name": "CVE-2022-41929", - "full_name": "Live-Hack-CVE\/CVE-2022-41929", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41929", - "description": "org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:35Z", - "updated_at": "2022-12-28T02:37:36Z", - "pushed_at": "2022-12-28T02:37:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4193.json b/2022/CVE-2022-4193.json deleted file mode 100644 index 938be22897..0000000000 --- a/2022/CVE-2022-4193.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832997, - "name": "CVE-2022-4193", - "full_name": "Live-Hack-CVE\/CVE-2022-4193", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4193", - "description": "Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:26Z", - "updated_at": "2022-12-28T01:53:26Z", - "pushed_at": "2022-12-28T01:53:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41930.json b/2022/CVE-2022-41930.json deleted file mode 100644 index 7f4fb1b17b..0000000000 --- a/2022/CVE-2022-41930.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841624, - "name": "CVE-2022-41930", - "full_name": "Live-Hack-CVE\/CVE-2022-41930", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41930", - "description": "org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any use CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:32Z", - "updated_at": "2022-12-28T02:37:32Z", - "pushed_at": "2022-12-28T02:37:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41931.json b/2022/CVE-2022-41931.json deleted file mode 100644 index 1713c2cd90..0000000000 --- a/2022/CVE-2022-41931.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841612, - "name": "CVE-2022-41931", - "full_name": "Live-Hack-CVE\/CVE-2022-41931", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41931", - "description": "xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:29Z", - "updated_at": "2022-12-28T02:37:29Z", - "pushed_at": "2022-12-28T02:37:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41932.json b/2022/CVE-2022-41932.json deleted file mode 100644 index 88ad882960..0000000000 --- a/2022/CVE-2022-41932.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841518, - "name": "CVE-2022-41932", - "full_name": "Live-Hack-CVE\/CVE-2022-41932", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41932", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched i CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:58Z", - "updated_at": "2022-12-28T02:36:58Z", - "pushed_at": "2022-12-28T02:37:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41933.json b/2022/CVE-2022-41933.json deleted file mode 100644 index 817273b512..0000000000 --- a/2022/CVE-2022-41933.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832332, - "name": "CVE-2022-41933", - "full_name": "Live-Hack-CVE\/CVE-2022-41933", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41933", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset pass CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:43Z", - "updated_at": "2022-12-28T01:49:43Z", - "pushed_at": "2022-12-28T01:49:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41934.json b/2022/CVE-2022-41934.json deleted file mode 100644 index 471e9af4f2..0000000000 --- a/2022/CVE-2022-41934.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841604, - "name": "CVE-2022-41934", - "full_name": "Live-Hack-CVE\/CVE-2022-41934", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41934", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper esc CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:25Z", - "updated_at": "2022-12-28T02:37:25Z", - "pushed_at": "2022-12-28T02:37:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41935.json b/2022/CVE-2022-41935.json deleted file mode 100644 index d438a233f4..0000000000 --- a/2022/CVE-2022-41935.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841588, - "name": "CVE-2022-41935", - "full_name": "Live-Hack-CVE\/CVE-2022-41935", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41935", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfusc CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:37:20Z", - "updated_at": "2022-12-28T02:37:20Z", - "pushed_at": "2022-12-28T02:37:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41936.json b/2022/CVE-2022-41936.json deleted file mode 100644 index 434c4c1f35..0000000000 --- a/2022/CVE-2022-41936.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857481, - "name": "CVE-2022-41936", - "full_name": "Live-Hack-CVE\/CVE-2022-41936", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41936", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:18Z", - "updated_at": "2022-12-28T04:00:18Z", - "pushed_at": "2022-12-28T04:00:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41937.json b/2022/CVE-2022-41937.json deleted file mode 100644 index 927cf00c75..0000000000 --- a/2022/CVE-2022-41937.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857466, - "name": "CVE-2022-41937", - "full_name": "Live-Hack-CVE\/CVE-2022-41937", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41937", - "description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right o CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:15Z", - "updated_at": "2022-12-28T04:00:15Z", - "pushed_at": "2022-12-28T04:00:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41938.json b/2022/CVE-2022-41938.json deleted file mode 100644 index e0f972dcbe..0000000000 --- a/2022/CVE-2022-41938.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864084, - "name": "CVE-2022-41938", - "full_name": "Live-Hack-CVE\/CVE-2022-41938", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41938", - "description": "Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:35:07Z", - "updated_at": "2022-12-28T04:35:07Z", - "pushed_at": "2022-12-28T04:35:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41939.json b/2022/CVE-2022-41939.json deleted file mode 100644 index 685f333618..0000000000 --- a/2022/CVE-2022-41939.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864073, - "name": "CVE-2022-41939", - "full_name": "Live-Hack-CVE\/CVE-2022-41939", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41939", - "description": "knative.dev\/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:35:04Z", - "updated_at": "2022-12-28T04:35:04Z", - "pushed_at": "2022-12-28T04:35:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4194.json b/2022/CVE-2022-4194.json deleted file mode 100644 index 6d615afce1..0000000000 --- a/2022/CVE-2022-4194.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832977, - "name": "CVE-2022-4194", - "full_name": "Live-Hack-CVE\/CVE-2022-4194", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4194", - "description": "Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:18Z", - "updated_at": "2022-12-28T01:53:18Z", - "pushed_at": "2022-12-28T01:53:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41940.json b/2022/CVE-2022-41940.json deleted file mode 100644 index c71f11fa29..0000000000 --- a/2022/CVE-2022-41940.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863929, - "name": "CVE-2022-41940", - "full_name": "Live-Hack-CVE\/CVE-2022-41940", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41940", - "description": "Engine.IO is the implementation of transport-based cross-browser\/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including tho CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:19Z", - "updated_at": "2022-12-28T04:34:19Z", - "pushed_at": "2022-12-28T04:34:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41942.json b/2022/CVE-2022-41942.json deleted file mode 100644 index 9ca876c6d2..0000000000 --- a/2022/CVE-2022-41942.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863861, - "name": "CVE-2022-41942", - "full_name": "Live-Hack-CVE\/CVE-2022-41942", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41942", - "description": "Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `\/list-gitolite` endpoint. It was possible to send CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:58Z", - "updated_at": "2022-12-28T04:33:58Z", - "pushed_at": "2022-12-28T04:34:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41943.json b/2022/CVE-2022-41943.json deleted file mode 100644 index 92b1bf7014..0000000000 --- a/2022/CVE-2022-41943.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863832, - "name": "CVE-2022-41943", - "full_name": "Live-Hack-CVE\/CVE-2022-41943", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41943", - "description": "sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:51Z", - "updated_at": "2022-12-28T04:33:51Z", - "pushed_at": "2022-12-28T04:33:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41944.json b/2022/CVE-2022-41944.json deleted file mode 100644 index e8b6e39ef0..0000000000 --- a/2022/CVE-2022-41944.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833708, - "name": "CVE-2022-41944", - "full_name": "Live-Hack-CVE\/CVE-2022-41944", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41944", - "description": "Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:57Z", - "updated_at": "2022-12-28T01:56:57Z", - "pushed_at": "2022-12-28T01:56:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41945.json b/2022/CVE-2022-41945.json deleted file mode 100644 index 30482ebe2a..0000000000 --- a/2022/CVE-2022-41945.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857517, - "name": "CVE-2022-41945", - "full_name": "Live-Hack-CVE\/CVE-2022-41945", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41945", - "description": "super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:29Z", - "updated_at": "2022-12-28T04:00:29Z", - "pushed_at": "2022-12-28T04:00:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41946.json b/2022/CVE-2022-41946.json deleted file mode 100644 index 8aecfaa471..0000000000 --- a/2022/CVE-2022-41946.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819360, - "name": "CVE-2022-41946", - "full_name": "Live-Hack-CVE\/CVE-2022-41946", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41946", - "description": "pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:56Z", - "updated_at": "2022-12-28T00:33:56Z", - "pushed_at": "2022-12-28T00:33:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4195.json b/2022/CVE-2022-4195.json deleted file mode 100644 index e39a93f6b6..0000000000 --- a/2022/CVE-2022-4195.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833009, - "name": "CVE-2022-4195", - "full_name": "Live-Hack-CVE\/CVE-2022-4195", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4195", - "description": "Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:30Z", - "updated_at": "2022-12-28T01:53:30Z", - "pushed_at": "2022-12-28T01:53:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41950.json b/2022/CVE-2022-41950.json deleted file mode 100644 index cf32cd66fe..0000000000 --- a/2022/CVE-2022-41950.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863871, - "name": "CVE-2022-41950", - "full_name": "Live-Hack-CVE\/CVE-2022-41950", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41950", - "description": "super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:02Z", - "updated_at": "2022-12-28T04:34:02Z", - "pushed_at": "2022-12-28T04:34:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41952.json b/2022/CVE-2022-41952.json deleted file mode 100644 index da99a96404..0000000000 --- a/2022/CVE-2022-41952.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863882, - "name": "CVE-2022-41952", - "full_name": "Live-Hack-CVE\/CVE-2022-41952", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41952", - "description": "Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connection CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:34:05Z", - "updated_at": "2022-12-28T04:34:05Z", - "pushed_at": "2022-12-28T04:34:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41954.json b/2022/CVE-2022-41954.json deleted file mode 100644 index ac0f24e87d..0000000000 --- a/2022/CVE-2022-41954.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840064, - "name": "CVE-2022-41954", - "full_name": "Live-Hack-CVE\/CVE-2022-41954", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41954", - "description": "MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the sy CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:54Z", - "updated_at": "2022-12-28T02:29:54Z", - "pushed_at": "2022-12-28T02:29:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41957.json b/2022/CVE-2022-41957.json deleted file mode 100644 index f74975caeb..0000000000 --- a/2022/CVE-2022-41957.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833681, - "name": "CVE-2022-41957", - "full_name": "Live-Hack-CVE\/CVE-2022-41957", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41957", - "description": "Muhammara is a node module with c\/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:50Z", - "updated_at": "2022-12-28T01:56:50Z", - "pushed_at": "2022-12-28T01:56:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41958.json b/2022/CVE-2022-41958.json deleted file mode 100644 index 7b6d9679ae..0000000000 --- a/2022/CVE-2022-41958.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841398, - "name": "CVE-2022-41958", - "full_name": "Live-Hack-CVE\/CVE-2022-41958", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41958", - "description": "super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future r CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:20Z", - "updated_at": "2022-12-28T02:36:20Z", - "pushed_at": "2022-12-28T02:36:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41965.json b/2022/CVE-2022-41965.json deleted file mode 100644 index caf7345a41..0000000000 --- a/2022/CVE-2022-41965.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833159, - "name": "CVE-2022-41965", - "full_name": "Live-Hack-CVE\/CVE-2022-41965", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41965", - "description": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's O CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:18Z", - "updated_at": "2022-12-28T01:54:19Z", - "pushed_at": "2022-12-28T01:54:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41968.json b/2022/CVE-2022-41968.json deleted file mode 100644 index 4267bfc48b..0000000000 --- a/2022/CVE-2022-41968.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811909, - "name": "CVE-2022-41968", - "full_name": "Live-Hack-CVE\/CVE-2022-41968", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41968", - "description": "Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known wor CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:25Z", - "updated_at": "2022-12-27T23:51:25Z", - "pushed_at": "2022-12-27T23:51:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41969.json b/2022/CVE-2022-41969.json deleted file mode 100644 index 1bd6795081..0000000000 --- a/2022/CVE-2022-41969.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811953, - "name": "CVE-2022-41969", - "full_name": "Live-Hack-CVE\/CVE-2022-41969", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41969", - "description": "Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:37Z", - "updated_at": "2022-12-27T23:51:37Z", - "pushed_at": "2022-12-27T23:51:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-41978.json b/2022/CVE-2022-41978.json new file mode 100644 index 0000000000..74b5fca32d --- /dev/null +++ b/2022/CVE-2022-41978.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969480, + "name": "CVE-2022-41978", + "full_name": "Live-Hack-CVE\/CVE-2022-41978", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41978", + "description": "Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:52Z", + "updated_at": "2022-12-28T11:31:52Z", + "pushed_at": "2022-12-28T11:31:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-41980.json b/2022/CVE-2022-41980.json new file mode 100644 index 0000000000..aec184dcac --- /dev/null +++ b/2022/CVE-2022-41980.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970971, + "name": "CVE-2022-41980", + "full_name": "Live-Hack-CVE\/CVE-2022-41980", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-41980", + "description": "Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:10Z", + "updated_at": "2022-12-28T11:37:10Z", + "pushed_at": "2022-12-28T11:37:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42000.json b/2022/CVE-2022-42000.json new file mode 100644 index 0000000000..b9fe7127d3 --- /dev/null +++ b/2022/CVE-2022-42000.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922879, + "name": "CVE-2022-42000", + "full_name": "Live-Hack-CVE\/CVE-2022-42000", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42000", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:19Z", + "updated_at": "2022-12-28T08:43:19Z", + "pushed_at": "2022-12-28T08:43:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42001.json b/2022/CVE-2022-42001.json new file mode 100644 index 0000000000..be598f5e8f --- /dev/null +++ b/2022/CVE-2022-42001.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922758, + "name": "CVE-2022-42001", + "full_name": "Live-Hack-CVE\/CVE-2022-42001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42001", + "description": "Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:49Z", + "updated_at": "2022-12-28T08:42:49Z", + "pushed_at": "2022-12-28T08:42:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42003.json b/2022/CVE-2022-42003.json deleted file mode 100644 index c9addc89ee..0000000000 --- a/2022/CVE-2022-42003.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832493, - "name": "CVE-2022-42003", - "full_name": "Live-Hack-CVE\/CVE-2022-42003", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42003", - "description": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:35Z", - "updated_at": "2022-12-28T01:50:35Z", - "pushed_at": "2022-12-28T01:50:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42004.json b/2022/CVE-2022-42004.json deleted file mode 100644 index 706e561d87..0000000000 --- a/2022/CVE-2022-42004.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832542, - "name": "CVE-2022-42004", - "full_name": "Live-Hack-CVE\/CVE-2022-42004", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42004", - "description": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:54Z", - "updated_at": "2022-12-28T01:50:54Z", - "pushed_at": "2022-12-28T01:50:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42060.json b/2022/CVE-2022-42060.json deleted file mode 100644 index 07ce7e14fa..0000000000 --- a/2022/CVE-2022-42060.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582847912, - "name": "CVE-2022-42060", - "full_name": "Live-Hack-CVE\/CVE-2022-42060", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42060", - "description": "Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:09:51Z", - "updated_at": "2022-12-28T03:09:51Z", - "pushed_at": "2022-12-28T03:09:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42075.json b/2022/CVE-2022-42075.json new file mode 100644 index 0000000000..09b7028e2e --- /dev/null +++ b/2022/CVE-2022-42075.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959570, + "name": "CVE-2022-42075", + "full_name": "Live-Hack-CVE\/CVE-2022-42075", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42075", + "description": "Wedding Planner v1.0 is vulnerable to arbitrary code execution. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:55:24Z", + "updated_at": "2022-12-28T10:55:24Z", + "pushed_at": "2022-12-28T10:55:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4208.json b/2022/CVE-2022-4208.json deleted file mode 100644 index 60e672c617..0000000000 --- a/2022/CVE-2022-4208.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811674, - "name": "CVE-2022-4208", - "full_name": "Live-Hack-CVE\/CVE-2022-4208", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4208", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:03Z", - "updated_at": "2022-12-27T23:50:03Z", - "pushed_at": "2022-12-27T23:50:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4209.json b/2022/CVE-2022-4209.json deleted file mode 100644 index 7a6a3148ec..0000000000 --- a/2022/CVE-2022-4209.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811665, - "name": "CVE-2022-4209", - "full_name": "Live-Hack-CVE\/CVE-2022-4209", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4209", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:59Z", - "updated_at": "2022-12-27T23:49:59Z", - "pushed_at": "2022-12-27T23:50:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42094.json b/2022/CVE-2022-42094.json deleted file mode 100644 index 9c0b0b307b..0000000000 --- a/2022/CVE-2022-42094.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864788, - "name": "CVE-2022-42094", - "full_name": "Live-Hack-CVE\/CVE-2022-42094", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42094", - "description": "Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:44Z", - "updated_at": "2022-12-28T04:38:44Z", - "pushed_at": "2022-12-28T04:38:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42095.json b/2022/CVE-2022-42095.json deleted file mode 100644 index 9db3ab3d50..0000000000 --- a/2022/CVE-2022-42095.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841897, - "name": "CVE-2022-42095", - "full_name": "Live-Hack-CVE\/CVE-2022-42095", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42095", - "description": "Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:52Z", - "updated_at": "2022-12-28T02:38:52Z", - "pushed_at": "2022-12-28T02:38:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42096.json b/2022/CVE-2022-42096.json deleted file mode 100644 index ee1970505b..0000000000 --- a/2022/CVE-2022-42096.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865781, - "name": "CVE-2022-42096", - "full_name": "Live-Hack-CVE\/CVE-2022-42096", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42096", - "description": "Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:51Z", - "updated_at": "2022-12-28T04:43:51Z", - "pushed_at": "2022-12-28T04:43:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42097.json b/2022/CVE-2022-42097.json deleted file mode 100644 index 17ad35c109..0000000000 --- a/2022/CVE-2022-42097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864730, - "name": "CVE-2022-42097", - "full_name": "Live-Hack-CVE\/CVE-2022-42097", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42097", - "description": "Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:26Z", - "updated_at": "2022-12-28T04:38:26Z", - "pushed_at": "2022-12-28T04:38:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42098.json b/2022/CVE-2022-42098.json deleted file mode 100644 index 980b107437..0000000000 --- a/2022/CVE-2022-42098.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864743, - "name": "CVE-2022-42098", - "full_name": "Live-Hack-CVE\/CVE-2022-42098", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42098", - "description": "KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:31Z", - "updated_at": "2022-12-28T04:38:31Z", - "pushed_at": "2022-12-28T04:38:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42099.json b/2022/CVE-2022-42099.json deleted file mode 100644 index e078de9f57..0000000000 --- a/2022/CVE-2022-42099.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848000, - "name": "CVE-2022-42099", - "full_name": "Live-Hack-CVE\/CVE-2022-42099", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42099", - "description": "KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:18Z", - "updated_at": "2022-12-28T03:10:18Z", - "pushed_at": "2022-12-28T03:10:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4210.json b/2022/CVE-2022-4210.json deleted file mode 100644 index 77a2b4a328..0000000000 --- a/2022/CVE-2022-4210.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811689, - "name": "CVE-2022-4210", - "full_name": "Live-Hack-CVE\/CVE-2022-4210", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4210", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:06Z", - "updated_at": "2022-12-27T23:50:06Z", - "pushed_at": "2022-12-27T23:50:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42100.json b/2022/CVE-2022-42100.json deleted file mode 100644 index 1fe1539cbf..0000000000 --- a/2022/CVE-2022-42100.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848010, - "name": "CVE-2022-42100", - "full_name": "Live-Hack-CVE\/CVE-2022-42100", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42100", - "description": "KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:21Z", - "updated_at": "2022-12-28T03:10:21Z", - "pushed_at": "2022-12-28T03:10:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42109.json b/2022/CVE-2022-42109.json deleted file mode 100644 index 7a9f8ff0de..0000000000 --- a/2022/CVE-2022-42109.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848022, - "name": "CVE-2022-42109", - "full_name": "Live-Hack-CVE\/CVE-2022-42109", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42109", - "description": "Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at \/shopping\/product.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:25Z", - "updated_at": "2022-12-28T03:10:25Z", - "pushed_at": "2022-12-28T03:10:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4211.json b/2022/CVE-2022-4211.json deleted file mode 100644 index 4a04fa06c3..0000000000 --- a/2022/CVE-2022-4211.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811705, - "name": "CVE-2022-4211", - "full_name": "Live-Hack-CVE\/CVE-2022-4211", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4211", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:10Z", - "updated_at": "2022-12-27T23:50:10Z", - "pushed_at": "2022-12-27T23:50:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42110.json b/2022/CVE-2022-42110.json new file mode 100644 index 0000000000..ca29a09531 --- /dev/null +++ b/2022/CVE-2022-42110.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912762, + "name": "CVE-2022-42110", + "full_name": "Live-Hack-CVE\/CVE-2022-42110", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42110", + "description": "A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:43Z", + "updated_at": "2022-12-28T08:04:43Z", + "pushed_at": "2022-12-28T08:04:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42111.json b/2022/CVE-2022-42111.json new file mode 100644 index 0000000000..76daa710a3 --- /dev/null +++ b/2022/CVE-2022-42111.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912643, + "name": "CVE-2022-42111", + "full_name": "Live-Hack-CVE\/CVE-2022-42111", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42111", + "description": "A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:14Z", + "updated_at": "2022-12-28T08:04:14Z", + "pushed_at": "2022-12-28T08:04:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42118.json b/2022/CVE-2022-42118.json new file mode 100644 index 0000000000..de3d1b4dd8 --- /dev/null +++ b/2022/CVE-2022-42118.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912729, + "name": "CVE-2022-42118", + "full_name": "Live-Hack-CVE\/CVE-2022-42118", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42118", + "description": "A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:36Z", + "updated_at": "2022-12-28T08:04:36Z", + "pushed_at": "2022-12-28T08:04:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42119.json b/2022/CVE-2022-42119.json new file mode 100644 index 0000000000..fed9282ae7 --- /dev/null +++ b/2022/CVE-2022-42119.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912698, + "name": "CVE-2022-42119", + "full_name": "Live-Hack-CVE\/CVE-2022-42119", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42119", + "description": "Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:29Z", + "updated_at": "2022-12-28T08:04:29Z", + "pushed_at": "2022-12-28T08:04:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4212.json b/2022/CVE-2022-4212.json deleted file mode 100644 index cd03c2a010..0000000000 --- a/2022/CVE-2022-4212.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811715, - "name": "CVE-2022-4212", - "full_name": "Live-Hack-CVE\/CVE-2022-4212", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4212", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:13Z", - "updated_at": "2022-12-27T23:50:13Z", - "pushed_at": "2022-12-27T23:50:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42120.json b/2022/CVE-2022-42120.json new file mode 100644 index 0000000000..8e780549f9 --- /dev/null +++ b/2022/CVE-2022-42120.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912665, + "name": "CVE-2022-42120", + "full_name": "Live-Hack-CVE\/CVE-2022-42120", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42120", + "description": "A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:21Z", + "updated_at": "2022-12-28T08:04:21Z", + "pushed_at": "2022-12-28T08:04:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42121.json b/2022/CVE-2022-42121.json new file mode 100644 index 0000000000..fa0f071ccd --- /dev/null +++ b/2022/CVE-2022-42121.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912578, + "name": "CVE-2022-42121", + "full_name": "Live-Hack-CVE\/CVE-2022-42121", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42121", + "description": "A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:59Z", + "updated_at": "2022-12-28T08:03:59Z", + "pushed_at": "2022-12-28T08:04:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42122.json b/2022/CVE-2022-42122.json new file mode 100644 index 0000000000..769196be17 --- /dev/null +++ b/2022/CVE-2022-42122.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912597, + "name": "CVE-2022-42122", + "full_name": "Live-Hack-CVE\/CVE-2022-42122", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42122", + "description": "A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:03Z", + "updated_at": "2022-12-28T08:04:03Z", + "pushed_at": "2022-12-28T08:04:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42123.json b/2022/CVE-2022-42123.json new file mode 100644 index 0000000000..5d28bbf0f4 --- /dev/null +++ b/2022/CVE-2022-42123.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893726, + "name": "CVE-2022-42123", + "full_name": "Live-Hack-CVE\/CVE-2022-42123", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42123", + "description": "A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:25Z", + "updated_at": "2022-12-28T06:48:25Z", + "pushed_at": "2022-12-28T06:48:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42124.json b/2022/CVE-2022-42124.json new file mode 100644 index 0000000000..942071b973 --- /dev/null +++ b/2022/CVE-2022-42124.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892992, + "name": "CVE-2022-42124", + "full_name": "Live-Hack-CVE\/CVE-2022-42124", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42124", + "description": "ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:26Z", + "updated_at": "2022-12-28T06:45:26Z", + "pushed_at": "2022-12-28T06:45:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42125.json b/2022/CVE-2022-42125.json new file mode 100644 index 0000000000..eb300ce8bd --- /dev/null +++ b/2022/CVE-2022-42125.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892937, + "name": "CVE-2022-42125", + "full_name": "Live-Hack-CVE\/CVE-2022-42125", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42125", + "description": "Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin\/module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:15Z", + "updated_at": "2022-12-28T06:45:15Z", + "pushed_at": "2022-12-28T06:45:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42126.json b/2022/CVE-2022-42126.json new file mode 100644 index 0000000000..e84c9c217a --- /dev/null +++ b/2022/CVE-2022-42126.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892928, + "name": "CVE-2022-42126", + "full_name": "Live-Hack-CVE\/CVE-2022-42126", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42126", + "description": "The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:12Z", + "updated_at": "2022-12-28T06:45:12Z", + "pushed_at": "2022-12-28T06:45:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42127.json b/2022/CVE-2022-42127.json new file mode 100644 index 0000000000..28ba5d7859 --- /dev/null +++ b/2022/CVE-2022-42127.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892914, + "name": "CVE-2022-42127", + "full_name": "Live-Hack-CVE\/CVE-2022-42127", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42127", + "description": "The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:08Z", + "updated_at": "2022-12-28T06:45:08Z", + "pushed_at": "2022-12-28T06:45:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42128.json b/2022/CVE-2022-42128.json new file mode 100644 index 0000000000..cf4eafd4d4 --- /dev/null +++ b/2022/CVE-2022-42128.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892899, + "name": "CVE-2022-42128", + "full_name": "Live-Hack-CVE\/CVE-2022-42128", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42128", + "description": "The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:05Z", + "updated_at": "2022-12-28T06:45:05Z", + "pushed_at": "2022-12-28T06:45:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42129.json b/2022/CVE-2022-42129.json new file mode 100644 index 0000000000..cfef6948d0 --- /dev/null +++ b/2022/CVE-2022-42129.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893648, + "name": "CVE-2022-42129", + "full_name": "Live-Hack-CVE\/CVE-2022-42129", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42129", + "description": "An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:08Z", + "updated_at": "2022-12-28T06:48:08Z", + "pushed_at": "2022-12-28T06:48:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4213.json b/2022/CVE-2022-4213.json deleted file mode 100644 index 2b2649d43d..0000000000 --- a/2022/CVE-2022-4213.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811780, - "name": "CVE-2022-4213", - "full_name": "Live-Hack-CVE\/CVE-2022-4213", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4213", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:44Z", - "updated_at": "2022-12-27T23:50:44Z", - "pushed_at": "2022-12-27T23:50:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42130.json b/2022/CVE-2022-42130.json new file mode 100644 index 0000000000..ef559a8283 --- /dev/null +++ b/2022/CVE-2022-42130.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893538, + "name": "CVE-2022-42130", + "full_name": "Live-Hack-CVE\/CVE-2022-42130", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42130", + "description": "The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:44Z", + "updated_at": "2022-12-28T06:47:44Z", + "pushed_at": "2022-12-28T06:47:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42131.json b/2022/CVE-2022-42131.json new file mode 100644 index 0000000000..3f049564c5 --- /dev/null +++ b/2022/CVE-2022-42131.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893700, + "name": "CVE-2022-42131", + "full_name": "Live-Hack-CVE\/CVE-2022-42131", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42131", + "description": "Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:48:19Z", + "updated_at": "2022-12-28T06:48:19Z", + "pushed_at": "2022-12-28T06:48:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42132.json b/2022/CVE-2022-42132.json new file mode 100644 index 0000000000..fc970b21df --- /dev/null +++ b/2022/CVE-2022-42132.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902602, + "name": "CVE-2022-42132", + "full_name": "Live-Hack-CVE\/CVE-2022-42132", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42132", + "description": "The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-mid CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:34Z", + "updated_at": "2022-12-28T07:24:34Z", + "pushed_at": "2022-12-28T07:24:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4214.json b/2022/CVE-2022-4214.json deleted file mode 100644 index 6e45cca8f0..0000000000 --- a/2022/CVE-2022-4214.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811609, - "name": "CVE-2022-4214", - "full_name": "Live-Hack-CVE\/CVE-2022-4214", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4214", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:35Z", - "updated_at": "2022-12-27T23:49:35Z", - "pushed_at": "2022-12-27T23:49:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4215.json b/2022/CVE-2022-4215.json deleted file mode 100644 index 7b8bd1fac1..0000000000 --- a/2022/CVE-2022-4215.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811626, - "name": "CVE-2022-4215", - "full_name": "Live-Hack-CVE\/CVE-2022-4215", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4215", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:42Z", - "updated_at": "2022-12-27T23:49:42Z", - "pushed_at": "2022-12-27T23:49:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4216.json b/2022/CVE-2022-4216.json deleted file mode 100644 index bf6ef1bdd2..0000000000 --- a/2022/CVE-2022-4216.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811614, - "name": "CVE-2022-4216", - "full_name": "Live-Hack-CVE\/CVE-2022-4216", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4216", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrar CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:38Z", - "updated_at": "2022-12-27T23:49:38Z", - "pushed_at": "2022-12-27T23:49:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4217.json b/2022/CVE-2022-4217.json deleted file mode 100644 index 490334d02b..0000000000 --- a/2022/CVE-2022-4217.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811641, - "name": "CVE-2022-4217", - "full_name": "Live-Hack-CVE\/CVE-2022-4217", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4217", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:48Z", - "updated_at": "2022-12-27T23:49:48Z", - "pushed_at": "2022-12-27T23:49:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4218.json b/2022/CVE-2022-4218.json deleted file mode 100644 index 0518c98498..0000000000 --- a/2022/CVE-2022-4218.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811634, - "name": "CVE-2022-4218", - "full_name": "Live-Hack-CVE\/CVE-2022-4218", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4218", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they c CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:45Z", - "updated_at": "2022-12-27T23:49:45Z", - "pushed_at": "2022-12-27T23:49:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42187.json b/2022/CVE-2022-42187.json new file mode 100644 index 0000000000..e9ba6fcebe --- /dev/null +++ b/2022/CVE-2022-42187.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902025, + "name": "CVE-2022-42187", + "full_name": "Live-Hack-CVE\/CVE-2022-42187", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42187", + "description": "Hustoj 22.09.22 has a XSS Vulnerability in \/admin\/problem_judge.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:10Z", + "updated_at": "2022-12-28T07:22:10Z", + "pushed_at": "2022-12-28T07:22:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4219.json b/2022/CVE-2022-4219.json deleted file mode 100644 index 18b3ed465e..0000000000 --- a/2022/CVE-2022-4219.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811649, - "name": "CVE-2022-4219", - "full_name": "Live-Hack-CVE\/CVE-2022-4219", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4219", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can tri CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:52Z", - "updated_at": "2022-12-27T23:49:52Z", - "pushed_at": "2022-12-27T23:49:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4220.json b/2022/CVE-2022-4220.json deleted file mode 100644 index 347b167706..0000000000 --- a/2022/CVE-2022-4220.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811656, - "name": "CVE-2022-4220", - "full_name": "Live-Hack-CVE\/CVE-2022-4220", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4220", - "description": "The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they c CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:55Z", - "updated_at": "2022-12-27T23:49:55Z", - "pushed_at": "2022-12-27T23:49:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4221.json b/2022/CVE-2022-4221.json deleted file mode 100644 index 607b07c944..0000000000 --- a/2022/CVE-2022-4221.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817647, - "name": "CVE-2022-4221", - "full_name": "Live-Hack-CVE\/CVE-2022-4221", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4221", - "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:31Z", - "updated_at": "2022-12-28T00:24:31Z", - "pushed_at": "2022-12-28T00:24:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4222.json b/2022/CVE-2022-4222.json deleted file mode 100644 index e7eeb80a22..0000000000 --- a/2022/CVE-2022-4222.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832650, - "name": "CVE-2022-4222", - "full_name": "Live-Hack-CVE\/CVE-2022-4222", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4222", - "description": "A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploi CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:28Z", - "updated_at": "2022-12-28T01:51:28Z", - "pushed_at": "2022-12-28T01:51:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42227.json b/2022/CVE-2022-42227.json deleted file mode 100644 index bef1b24547..0000000000 --- a/2022/CVE-2022-42227.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819288, - "name": "CVE-2022-42227", - "full_name": "Live-Hack-CVE\/CVE-2022-42227", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42227", - "description": "jsonlint 1.0 is vulnerable to heap-buffer-overflow via \/home\/hjsz\/jsonlint\/src\/lexer. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:35Z", - "updated_at": "2022-12-28T00:33:35Z", - "pushed_at": "2022-12-28T00:33:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42245.json b/2022/CVE-2022-42245.json new file mode 100644 index 0000000000..7bb9061134 --- /dev/null +++ b/2022/CVE-2022-42245.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901976, + "name": "CVE-2022-42245", + "full_name": "Live-Hack-CVE\/CVE-2022-42245", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42245", + "description": "Dreamer CMS 4.0.01 is vulnerable to SQL Injection. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:59Z", + "updated_at": "2022-12-28T07:21:59Z", + "pushed_at": "2022-12-28T07:22:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42246.json b/2022/CVE-2022-42246.json new file mode 100644 index 0000000000..2f13f23edb --- /dev/null +++ b/2022/CVE-2022-42246.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901929, + "name": "CVE-2022-42246", + "full_name": "Live-Hack-CVE\/CVE-2022-42246", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42246", + "description": "Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:48Z", + "updated_at": "2022-12-28T07:21:48Z", + "pushed_at": "2022-12-28T07:21:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4228.json b/2022/CVE-2022-4228.json deleted file mode 100644 index c4f034dd09..0000000000 --- a/2022/CVE-2022-4228.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832722, - "name": "CVE-2022-4228", - "full_name": "Live-Hack-CVE\/CVE-2022-4228", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4228", - "description": "A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file \/bsms_ci\/index.php\/user\/edit_user\/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:53Z", - "updated_at": "2022-12-28T01:51:53Z", - "pushed_at": "2022-12-28T01:51:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4229.json b/2022/CVE-2022-4229.json deleted file mode 100644 index 847144e0d4..0000000000 --- a/2022/CVE-2022-4229.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832735, - "name": "CVE-2022-4229", - "full_name": "Live-Hack-CVE\/CVE-2022-4229", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4229", - "description": "A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file \/bsms_ci\/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be u CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:56Z", - "updated_at": "2022-12-28T01:51:56Z", - "pushed_at": "2022-12-28T01:51:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42309.json b/2022/CVE-2022-42309.json deleted file mode 100644 index 4ffb05ccd7..0000000000 --- a/2022/CVE-2022-42309.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848862, - "name": "CVE-2022-42309", - "full_name": "Live-Hack-CVE\/CVE-2022-42309", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42309", - "description": "Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:53Z", - "updated_at": "2022-12-28T03:14:53Z", - "pushed_at": "2022-12-28T03:14:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42310.json b/2022/CVE-2022-42310.json deleted file mode 100644 index 4e76f29eb1..0000000000 --- a/2022/CVE-2022-42310.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818693, - "name": "CVE-2022-42310", - "full_name": "Live-Hack-CVE\/CVE-2022-42310", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42310", - "description": "Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situati CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:30:21Z", - "updated_at": "2022-12-28T00:30:21Z", - "pushed_at": "2022-12-28T00:30:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42311.json b/2022/CVE-2022-42311.json deleted file mode 100644 index 43cd09ef11..0000000000 --- a/2022/CVE-2022-42311.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819236, - "name": "CVE-2022-42311", - "full_name": "Live-Hack-CVE\/CVE-2022-42311", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42311", - "description": "Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. T CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:18Z", - "updated_at": "2022-12-28T00:33:18Z", - "pushed_at": "2022-12-28T00:33:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42317.json b/2022/CVE-2022-42317.json deleted file mode 100644 index 4da7a0dd74..0000000000 --- a/2022/CVE-2022-42317.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818710, - "name": "CVE-2022-42317", - "full_name": "Live-Hack-CVE\/CVE-2022-42317", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42317", - "description": "Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. T CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:30:24Z", - "updated_at": "2022-12-28T00:30:24Z", - "pushed_at": "2022-12-28T00:30:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42318.json b/2022/CVE-2022-42318.json deleted file mode 100644 index 6fb194ef42..0000000000 --- a/2022/CVE-2022-42318.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848781, - "name": "CVE-2022-42318", - "full_name": "Live-Hack-CVE\/CVE-2022-42318", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42318", - "description": "Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. T CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:24Z", - "updated_at": "2022-12-28T03:14:24Z", - "pushed_at": "2022-12-28T03:14:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42319.json b/2022/CVE-2022-42319.json deleted file mode 100644 index 11b17a0b68..0000000000 --- a/2022/CVE-2022-42319.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848791, - "name": "CVE-2022-42319", - "full_name": "Live-Hack-CVE\/CVE-2022-42319", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42319", - "description": "Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:27Z", - "updated_at": "2022-12-28T03:14:27Z", - "pushed_at": "2022-12-28T03:14:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4232.json b/2022/CVE-2022-4232.json deleted file mode 100644 index af925743cc..0000000000 --- a/2022/CVE-2022-4232.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832742, - "name": "CVE-2022-4232", - "full_name": "Live-Hack-CVE\/CVE-2022-4232", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4232", - "description": "A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:52:00Z", - "updated_at": "2022-12-28T01:52:00Z", - "pushed_at": "2022-12-28T01:52:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42320.json b/2022/CVE-2022-42320.json deleted file mode 100644 index 529e6a8f08..0000000000 --- a/2022/CVE-2022-42320.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848804, - "name": "CVE-2022-42320", - "full_name": "Live-Hack-CVE\/CVE-2022-42320", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42320", - "description": "Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:31Z", - "updated_at": "2022-12-28T03:14:31Z", - "pushed_at": "2022-12-28T03:14:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42321.json b/2022/CVE-2022-42321.json deleted file mode 100644 index f0cfb77c61..0000000000 --- a/2022/CVE-2022-42321.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856554, - "name": "CVE-2022-42321", - "full_name": "Live-Hack-CVE\/CVE-2022-42321", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42321", - "description": "Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:25Z", - "updated_at": "2022-12-28T03:55:25Z", - "pushed_at": "2022-12-28T03:55:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42322.json b/2022/CVE-2022-42322.json deleted file mode 100644 index 2d40f7acdc..0000000000 --- a/2022/CVE-2022-42322.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856623, - "name": "CVE-2022-42322", - "full_name": "Live-Hack-CVE\/CVE-2022-42322", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42322", - "description": "Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow t CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:49Z", - "updated_at": "2022-12-28T03:55:49Z", - "pushed_at": "2022-12-28T03:55:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42323.json b/2022/CVE-2022-42323.json deleted file mode 100644 index f0a96ef7e4..0000000000 --- a/2022/CVE-2022-42323.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856604, - "name": "CVE-2022-42323", - "full_name": "Live-Hack-CVE\/CVE-2022-42323", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42323", - "description": "Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow t CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:42Z", - "updated_at": "2022-12-28T03:55:42Z", - "pushed_at": "2022-12-28T03:55:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42325.json b/2022/CVE-2022-42325.json deleted file mode 100644 index 75c5dc1509..0000000000 --- a/2022/CVE-2022-42325.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856611, - "name": "CVE-2022-42325", - "full_name": "Live-Hack-CVE\/CVE-2022-42325", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42325", - "description": "Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will b CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:55:45Z", - "updated_at": "2022-12-28T03:55:45Z", - "pushed_at": "2022-12-28T03:55:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42326.json b/2022/CVE-2022-42326.json deleted file mode 100644 index cf9d4d374e..0000000000 --- a/2022/CVE-2022-42326.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848850, - "name": "CVE-2022-42326", - "full_name": "Live-Hack-CVE\/CVE-2022-42326", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42326", - "description": "Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects\/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will b CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:14:49Z", - "updated_at": "2022-12-28T03:14:49Z", - "pushed_at": "2022-12-28T03:14:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42327.json b/2022/CVE-2022-42327.json deleted file mode 100644 index c048ada17c..0000000000 --- a/2022/CVE-2022-42327.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864275, - "name": "CVE-2022-42327", - "full_name": "Live-Hack-CVE\/CVE-2022-42327", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42327", - "description": "x86: unintended memory sharing between guests On Intel systems that support the \"virtualize APIC accesses\" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:36:00Z", - "updated_at": "2022-12-28T04:36:00Z", - "pushed_at": "2022-12-28T04:36:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4233.json b/2022/CVE-2022-4233.json deleted file mode 100644 index fea84aef0b..0000000000 --- a/2022/CVE-2022-4233.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832599, - "name": "CVE-2022-4233", - "full_name": "Live-Hack-CVE\/CVE-2022-4233", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4233", - "description": "A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \/event\/admin\/?page=user\/list. The manipulation of the argument First Name\/Last Name leads to cross site scripting. The attack can be launch CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:11Z", - "updated_at": "2022-12-28T01:51:11Z", - "pushed_at": "2022-12-28T01:51:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4234.json b/2022/CVE-2022-4234.json deleted file mode 100644 index ab7f3156df..0000000000 --- a/2022/CVE-2022-4234.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832345, - "name": "CVE-2022-4234", - "full_name": "Live-Hack-CVE\/CVE-2022-4234", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4234", - "description": "A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam\/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been di CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:50Z", - "updated_at": "2022-12-28T01:49:50Z", - "pushed_at": "2022-12-28T01:49:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42457.json b/2022/CVE-2022-42457.json new file mode 100644 index 0000000000..fff5653f1d --- /dev/null +++ b/2022/CVE-2022-42457.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959429, + "name": "CVE-2022-42457", + "full_name": "Live-Hack-CVE\/CVE-2022-42457", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42457", + "description": "Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in \/usr\/bin\/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:54:52Z", + "updated_at": "2022-12-28T10:54:52Z", + "pushed_at": "2022-12-28T10:54:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42459.json b/2022/CVE-2022-42459.json deleted file mode 100644 index 91032f634a..0000000000 --- a/2022/CVE-2022-42459.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872317, - "name": "CVE-2022-42459", - "full_name": "Live-Hack-CVE\/CVE-2022-42459", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42459", - "description": "Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:04Z", - "updated_at": "2022-12-28T05:17:04Z", - "pushed_at": "2022-12-28T05:17:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4246.json b/2022/CVE-2022-4246.json deleted file mode 100644 index cedc98dddb..0000000000 --- a/2022/CVE-2022-4246.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832246, - "name": "CVE-2022-4246", - "full_name": "Live-Hack-CVE\/CVE-2022-4246", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4246", - "description": "A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifie CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:16Z", - "updated_at": "2022-12-28T01:49:16Z", - "pushed_at": "2022-12-28T01:49:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42460.json b/2022/CVE-2022-42460.json new file mode 100644 index 0000000000..491b83f354 --- /dev/null +++ b/2022/CVE-2022-42460.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936231, + "name": "CVE-2022-42460", + "full_name": "Live-Hack-CVE\/CVE-2022-42460", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42460", + "description": "Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:38Z", + "updated_at": "2022-12-28T09:31:38Z", + "pushed_at": "2022-12-28T09:31:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4247.json b/2022/CVE-2022-4247.json deleted file mode 100644 index 84fa6dc30d..0000000000 --- a/2022/CVE-2022-4247.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832221, - "name": "CVE-2022-4247", - "full_name": "Live-Hack-CVE\/CVE-2022-4247", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4247", - "description": "A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:09Z", - "updated_at": "2022-12-28T01:49:09Z", - "pushed_at": "2022-12-28T01:49:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4248.json b/2022/CVE-2022-4248.json deleted file mode 100644 index 163f0f5a92..0000000000 --- a/2022/CVE-2022-4248.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832202, - "name": "CVE-2022-4248", - "full_name": "Live-Hack-CVE\/CVE-2022-4248", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4248", - "description": "A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:02Z", - "updated_at": "2022-12-28T01:49:02Z", - "pushed_at": "2022-12-28T01:49:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4249.json b/2022/CVE-2022-4249.json deleted file mode 100644 index 8ec3f06cb3..0000000000 --- a/2022/CVE-2022-4249.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832080, - "name": "CVE-2022-4249", - "full_name": "Live-Hack-CVE\/CVE-2022-4249", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4249", - "description": "A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:21Z", - "updated_at": "2022-12-28T01:48:21Z", - "pushed_at": "2022-12-28T01:48:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42494.json b/2022/CVE-2022-42494.json new file mode 100644 index 0000000000..3ae61ced91 --- /dev/null +++ b/2022/CVE-2022-42494.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970950, + "name": "CVE-2022-42494", + "full_name": "Live-Hack-CVE\/CVE-2022-42494", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42494", + "description": "Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:06Z", + "updated_at": "2022-12-28T11:37:06Z", + "pushed_at": "2022-12-28T11:37:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4250.json b/2022/CVE-2022-4250.json deleted file mode 100644 index 0d9650d533..0000000000 --- a/2022/CVE-2022-4250.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832033, - "name": "CVE-2022-4250", - "full_name": "Live-Hack-CVE\/CVE-2022-4250", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4250", - "description": "A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the p CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:07Z", - "updated_at": "2022-12-28T01:48:07Z", - "pushed_at": "2022-12-28T01:48:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4251.json b/2022/CVE-2022-4251.json deleted file mode 100644 index e41952c0bd..0000000000 --- a/2022/CVE-2022-4251.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817658, - "name": "CVE-2022-4251", - "full_name": "Live-Hack-CVE\/CVE-2022-4251", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4251", - "description": "A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:34Z", - "updated_at": "2022-12-28T00:24:34Z", - "pushed_at": "2022-12-28T00:24:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4252.json b/2022/CVE-2022-4252.json deleted file mode 100644 index 42165f22bb..0000000000 --- a/2022/CVE-2022-4252.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832177, - "name": "CVE-2022-4252", - "full_name": "Live-Hack-CVE\/CVE-2022-4252", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4252", - "description": "A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:55Z", - "updated_at": "2022-12-28T01:48:55Z", - "pushed_at": "2022-12-28T01:48:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4253.json b/2022/CVE-2022-4253.json deleted file mode 100644 index 1af5954fc4..0000000000 --- a/2022/CVE-2022-4253.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832170, - "name": "CVE-2022-4253", - "full_name": "Live-Hack-CVE\/CVE-2022-4253", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4253", - "description": "A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public an CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:51Z", - "updated_at": "2022-12-28T01:48:51Z", - "pushed_at": "2022-12-28T01:48:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42533.json b/2022/CVE-2022-42533.json deleted file mode 100644 index 761236a461..0000000000 --- a/2022/CVE-2022-42533.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873921, - "name": "CVE-2022-42533", - "full_name": "Live-Hack-CVE\/CVE-2022-42533", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42533", - "description": "In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415 CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:00Z", - "updated_at": "2022-12-28T05:24:00Z", - "pushed_at": "2022-12-28T05:24:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4257.json b/2022/CVE-2022-4257.json deleted file mode 100644 index 303e763447..0000000000 --- a/2022/CVE-2022-4257.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812113, - "name": "CVE-2022-4257", - "full_name": "Live-Hack-CVE\/CVE-2022-4257", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4257", - "description": "A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin\/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exp CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:33Z", - "updated_at": "2022-12-27T23:52:34Z", - "pushed_at": "2022-12-27T23:52:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4262.json b/2022/CVE-2022-4262.json deleted file mode 100644 index 2522f12858..0000000000 --- a/2022/CVE-2022-4262.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817682, - "name": "CVE-2022-4262", - "full_name": "Live-Hack-CVE\/CVE-2022-4262", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4262", - "description": "Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:41Z", - "updated_at": "2022-12-28T00:24:41Z", - "pushed_at": "2022-12-28T00:24:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-4270.json b/2022/CVE-2022-4270.json deleted file mode 100644 index 4079b34725..0000000000 --- a/2022/CVE-2022-4270.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811969, - "name": "CVE-2022-4270", - "full_name": "Live-Hack-CVE\/CVE-2022-4270", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4270", - "description": "Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:43Z", - "updated_at": "2022-12-27T23:51:43Z", - "pushed_at": "2022-12-27T23:51:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42707.json b/2022/CVE-2022-42707.json new file mode 100644 index 0000000000..12312d878d --- /dev/null +++ b/2022/CVE-2022-42707.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981604, + "name": "CVE-2022-42707", + "full_name": "Live-Hack-CVE\/CVE-2022-42707", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42707", + "description": "In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:13Z", + "updated_at": "2022-12-28T12:15:13Z", + "pushed_at": "2022-12-28T12:15:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-4271.json b/2022/CVE-2022-4271.json deleted file mode 100644 index f98f54dd95..0000000000 --- a/2022/CVE-2022-4271.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812179, - "name": "CVE-2022-4271", - "full_name": "Live-Hack-CVE\/CVE-2022-4271", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-4271", - "description": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket\/osticket prior to 1.16.4. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:54Z", - "updated_at": "2022-12-27T23:52:54Z", - "pushed_at": "2022-12-27T23:52:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42732.json b/2022/CVE-2022-42732.json deleted file mode 100644 index 2ff9b12557..0000000000 --- a/2022/CVE-2022-42732.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880848, - "name": "CVE-2022-42732", - "full_name": "Live-Hack-CVE\/CVE-2022-42732", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42732", - "description": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:55:41Z", - "updated_at": "2022-12-28T05:55:41Z", - "pushed_at": "2022-12-28T05:55:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42733.json b/2022/CVE-2022-42733.json deleted file mode 100644 index 1416044b16..0000000000 --- a/2022/CVE-2022-42733.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880947, - "name": "CVE-2022-42733", - "full_name": "Live-Hack-CVE\/CVE-2022-42733", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42733", - "description": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:05Z", - "updated_at": "2022-12-28T05:56:05Z", - "pushed_at": "2022-12-28T05:56:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42734.json b/2022/CVE-2022-42734.json deleted file mode 100644 index dbec0f6c2f..0000000000 --- a/2022/CVE-2022-42734.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880905, - "name": "CVE-2022-42734", - "full_name": "Live-Hack-CVE\/CVE-2022-42734", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42734", - "description": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:55:54Z", - "updated_at": "2022-12-28T05:55:55Z", - "pushed_at": "2022-12-28T05:55:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42746.json b/2022/CVE-2022-42746.json deleted file mode 100644 index daaa88eb35..0000000000 --- a/2022/CVE-2022-42746.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817555, - "name": "CVE-2022-42746", - "full_name": "Live-Hack-CVE\/CVE-2022-42746", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42746", - "description": "CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:01Z", - "updated_at": "2022-12-28T00:24:01Z", - "pushed_at": "2022-12-28T00:24:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42747.json b/2022/CVE-2022-42747.json deleted file mode 100644 index cc938aec75..0000000000 --- a/2022/CVE-2022-42747.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817561, - "name": "CVE-2022-42747", - "full_name": "Live-Hack-CVE\/CVE-2022-42747", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42747", - "description": "CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:05Z", - "updated_at": "2022-12-28T00:24:05Z", - "pushed_at": "2022-12-28T00:24:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42748.json b/2022/CVE-2022-42748.json deleted file mode 100644 index 8c5fe78a49..0000000000 --- a/2022/CVE-2022-42748.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817574, - "name": "CVE-2022-42748", - "full_name": "Live-Hack-CVE\/CVE-2022-42748", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42748", - "description": "CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:08Z", - "updated_at": "2022-12-28T00:24:08Z", - "pushed_at": "2022-12-28T00:24:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42749.json b/2022/CVE-2022-42749.json deleted file mode 100644 index 12d31f6ef9..0000000000 --- a/2022/CVE-2022-42749.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817589, - "name": "CVE-2022-42749", - "full_name": "Live-Hack-CVE\/CVE-2022-42749", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42749", - "description": "CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:12Z", - "updated_at": "2022-12-28T00:24:12Z", - "pushed_at": "2022-12-28T00:24:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42786.json b/2022/CVE-2022-42786.json new file mode 100644 index 0000000000..17a9e6a6c1 --- /dev/null +++ b/2022/CVE-2022-42786.json @@ -0,0 +1,31 @@ +[ + { + "id": 582934223, + "name": "CVE-2022-42786", + "full_name": "Live-Hack-CVE\/CVE-2022-42786", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42786", + "description": "Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:25:09Z", + "updated_at": "2022-12-28T09:25:09Z", + "pushed_at": "2022-12-28T09:25:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42787.json b/2022/CVE-2022-42787.json deleted file mode 100644 index 80a2512883..0000000000 --- a/2022/CVE-2022-42787.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824709, - "name": "CVE-2022-42787", - "full_name": "Live-Hack-CVE\/CVE-2022-42787", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42787", - "description": "Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interactio CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:10Z", - "updated_at": "2022-12-28T01:06:10Z", - "pushed_at": "2022-12-28T01:06:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42801.json b/2022/CVE-2022-42801.json deleted file mode 100644 index 59b7a31313..0000000000 --- a/2022/CVE-2022-42801.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824785, - "name": "CVE-2022-42801", - "full_name": "Live-Hack-CVE\/CVE-2022-42801", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42801", - "description": "A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:38Z", - "updated_at": "2022-12-28T01:06:39Z", - "pushed_at": "2022-12-28T01:06:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42883.json b/2022/CVE-2022-42883.json deleted file mode 100644 index 4994ca69bf..0000000000 --- a/2022/CVE-2022-42883.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872300, - "name": "CVE-2022-42883", - "full_name": "Live-Hack-CVE\/CVE-2022-42883", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42883", - "description": "Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:01Z", - "updated_at": "2022-12-28T05:17:01Z", - "pushed_at": "2022-12-28T05:17:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42889.json b/2022/CVE-2022-42889.json deleted file mode 100644 index b3e692e7bf..0000000000 --- a/2022/CVE-2022-42889.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582850183, - "name": "CVE-2022-42889", - "full_name": "Live-Hack-CVE\/CVE-2022-42889", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42889", - "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:21:19Z", - "updated_at": "2022-12-28T03:21:19Z", - "pushed_at": "2022-12-28T03:21:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42891.json b/2022/CVE-2022-42891.json deleted file mode 100644 index fdc61c0ecf..0000000000 --- a/2022/CVE-2022-42891.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880916, - "name": "CVE-2022-42891", - "full_name": "Live-Hack-CVE\/CVE-2022-42891", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42891", - "description": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:55:58Z", - "updated_at": "2022-12-28T05:55:58Z", - "pushed_at": "2022-12-28T05:56:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42892.json b/2022/CVE-2022-42892.json deleted file mode 100644 index d5c291a257..0000000000 --- a/2022/CVE-2022-42892.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582880934, - "name": "CVE-2022-42892", - "full_name": "Live-Hack-CVE\/CVE-2022-42892", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42892", - "description": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:56:02Z", - "updated_at": "2022-12-28T05:56:02Z", - "pushed_at": "2022-12-28T05:56:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42895.json b/2022/CVE-2022-42895.json deleted file mode 100644 index f6f515ad71..0000000000 --- a/2022/CVE-2022-42895.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857736, - "name": "CVE-2022-42895", - "full_name": "Live-Hack-CVE\/CVE-2022-42895", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42895", - "description": "There is an infoleak vulnerability in the Linux kernel's net\/bluetooth\/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https:\/\/github.com\/torvalds\/linux\/commit\/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https:\/\/www.google.com\/url CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:37Z", - "updated_at": "2022-12-28T04:01:37Z", - "pushed_at": "2022-12-28T04:01:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42896.json b/2022/CVE-2022-42896.json deleted file mode 100644 index af1784deb3..0000000000 --- a/2022/CVE-2022-42896.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857723, - "name": "CVE-2022-42896", - "full_name": "Live-Hack-CVE\/CVE-2022-42896", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42896", - "description": "There are use-after-free vulnerabilities in the Linux kernel's net\/bluetooth\/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:33Z", - "updated_at": "2022-12-28T04:01:33Z", - "pushed_at": "2022-12-28T04:01:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42902.json b/2022/CVE-2022-42902.json new file mode 100644 index 0000000000..6b537a7bf9 --- /dev/null +++ b/2022/CVE-2022-42902.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913141, + "name": "CVE-2022-42902", + "full_name": "Live-Hack-CVE\/CVE-2022-42902", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42902", + "description": "In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server\/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:00Z", + "updated_at": "2022-12-28T08:06:00Z", + "pushed_at": "2022-12-28T08:06:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42903.json b/2022/CVE-2022-42903.json deleted file mode 100644 index 9b319c29a6..0000000000 --- a/2022/CVE-2022-42903.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872640, - "name": "CVE-2022-42903", - "full_name": "Live-Hack-CVE\/CVE-2022-42903", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42903", - "description": "Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:33Z", - "updated_at": "2022-12-28T05:18:33Z", - "pushed_at": "2022-12-28T05:18:35Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42904.json b/2022/CVE-2022-42904.json deleted file mode 100644 index 6711fc60bf..0000000000 --- a/2022/CVE-2022-42904.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872742, - "name": "CVE-2022-42904", - "full_name": "Live-Hack-CVE\/CVE-2022-42904", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42904", - "description": "Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:03Z", - "updated_at": "2022-12-28T05:19:03Z", - "pushed_at": "2022-12-28T05:19:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42905.json b/2022/CVE-2022-42905.json deleted file mode 100644 index 289a3b615d..0000000000 --- a/2022/CVE-2022-42905.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865022, - "name": "CVE-2022-42905", - "full_name": "Live-Hack-CVE\/CVE-2022-42905", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42905", - "description": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:59Z", - "updated_at": "2022-12-28T04:39:59Z", - "pushed_at": "2022-12-28T04:40:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42954.json b/2022/CVE-2022-42954.json new file mode 100644 index 0000000000..a2376d3bad --- /dev/null +++ b/2022/CVE-2022-42954.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901959, + "name": "CVE-2022-42954", + "full_name": "Live-Hack-CVE\/CVE-2022-42954", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42954", + "description": "Keyfactor EJBCA before 7.10.0 allows XSS. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:56Z", + "updated_at": "2022-12-28T07:21:56Z", + "pushed_at": "2022-12-28T07:21:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42955.json b/2022/CVE-2022-42955.json new file mode 100644 index 0000000000..007f5c1078 --- /dev/null +++ b/2022/CVE-2022-42955.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981698, + "name": "CVE-2022-42955", + "full_name": "Live-Hack-CVE\/CVE-2022-42955", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42955", + "description": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:33Z", + "updated_at": "2022-12-28T12:15:33Z", + "pushed_at": "2022-12-28T12:15:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42956.json b/2022/CVE-2022-42956.json new file mode 100644 index 0000000000..9c4acfdf08 --- /dev/null +++ b/2022/CVE-2022-42956.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981716, + "name": "CVE-2022-42956", + "full_name": "Live-Hack-CVE\/CVE-2022-42956", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42956", + "description": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:38Z", + "updated_at": "2022-12-28T12:15:38Z", + "pushed_at": "2022-12-28T12:15:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42964.json b/2022/CVE-2022-42964.json new file mode 100644 index 0000000000..8c45cf5728 --- /dev/null +++ b/2022/CVE-2022-42964.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958664, + "name": "CVE-2022-42964", + "full_name": "Live-Hack-CVE\/CVE-2022-42964", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42964", + "description": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:55Z", + "updated_at": "2022-12-28T10:51:55Z", + "pushed_at": "2022-12-28T10:51:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42965.json b/2022/CVE-2022-42965.json deleted file mode 100644 index fde8f35687..0000000000 --- a/2022/CVE-2022-42965.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824746, - "name": "CVE-2022-42965", - "full_name": "Live-Hack-CVE\/CVE-2022-42965", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42965", - "description": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:24Z", - "updated_at": "2022-12-28T01:06:24Z", - "pushed_at": "2022-12-28T01:06:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42966.json b/2022/CVE-2022-42966.json new file mode 100644 index 0000000000..dc4593a2f1 --- /dev/null +++ b/2022/CVE-2022-42966.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958676, + "name": "CVE-2022-42966", + "full_name": "Live-Hack-CVE\/CVE-2022-42966", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42966", + "description": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:58Z", + "updated_at": "2022-12-28T10:51:58Z", + "pushed_at": "2022-12-28T10:52:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42968.json b/2022/CVE-2022-42968.json deleted file mode 100644 index d33e7da789..0000000000 --- a/2022/CVE-2022-42968.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819306, - "name": "CVE-2022-42968", - "full_name": "Live-Hack-CVE\/CVE-2022-42968", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42968", - "description": "Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:39Z", - "updated_at": "2022-12-28T00:33:39Z", - "pushed_at": "2022-12-28T00:33:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42977.json b/2022/CVE-2022-42977.json new file mode 100644 index 0000000000..d277ffa0e0 --- /dev/null +++ b/2022/CVE-2022-42977.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913526, + "name": "CVE-2022-42977", + "full_name": "Live-Hack-CVE\/CVE-2022-42977", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42977", + "description": "The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:30Z", + "updated_at": "2022-12-28T08:07:30Z", + "pushed_at": "2022-12-28T08:07:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42978.json b/2022/CVE-2022-42978.json new file mode 100644 index 0000000000..1eea72e0b2 --- /dev/null +++ b/2022/CVE-2022-42978.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913394, + "name": "CVE-2022-42978", + "full_name": "Live-Hack-CVE\/CVE-2022-42978", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42978", + "description": "In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:58Z", + "updated_at": "2022-12-28T08:06:58Z", + "pushed_at": "2022-12-28T08:07:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42984.json b/2022/CVE-2022-42984.json new file mode 100644 index 0000000000..39758d1a61 --- /dev/null +++ b/2022/CVE-2022-42984.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913547, + "name": "CVE-2022-42984", + "full_name": "Live-Hack-CVE\/CVE-2022-42984", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42984", + "description": "WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:34Z", + "updated_at": "2022-12-28T08:07:34Z", + "pushed_at": "2022-12-28T08:07:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42985.json b/2022/CVE-2022-42985.json new file mode 100644 index 0000000000..932de13959 --- /dev/null +++ b/2022/CVE-2022-42985.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902243, + "name": "CVE-2022-42985", + "full_name": "Live-Hack-CVE\/CVE-2022-42985", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42985", + "description": "The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:59Z", + "updated_at": "2022-12-28T07:22:59Z", + "pushed_at": "2022-12-28T07:23:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42989.json b/2022/CVE-2022-42989.json deleted file mode 100644 index 9aa8aa4c43..0000000000 --- a/2022/CVE-2022-42989.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864845, - "name": "CVE-2022-42989", - "full_name": "Live-Hack-CVE\/CVE-2022-42989", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42989", - "description": "ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:08Z", - "updated_at": "2022-12-28T04:39:08Z", - "pushed_at": "2022-12-28T04:39:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-42990.json b/2022/CVE-2022-42990.json new file mode 100644 index 0000000000..f2a8be19f9 --- /dev/null +++ b/2022/CVE-2022-42990.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982603, + "name": "CVE-2022-42990", + "full_name": "Live-Hack-CVE\/CVE-2022-42990", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-42990", + "description": "Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component \/foms\/all-orders.php?status=Cancelled%20by%20Customer. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:39Z", + "updated_at": "2022-12-28T12:18:39Z", + "pushed_at": "2022-12-28T12:18:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43030.json b/2022/CVE-2022-43030.json new file mode 100644 index 0000000000..d70b4b6754 --- /dev/null +++ b/2022/CVE-2022-43030.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902638, + "name": "CVE-2022-43030", + "full_name": "Live-Hack-CVE\/CVE-2022-43030", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43030", + "description": "Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:44Z", + "updated_at": "2022-12-28T07:24:44Z", + "pushed_at": "2022-12-28T07:24:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43031.json b/2022/CVE-2022-43031.json new file mode 100644 index 0000000000..a41f315c5f --- /dev/null +++ b/2022/CVE-2022-43031.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958692, + "name": "CVE-2022-43031", + "full_name": "Live-Hack-CVE\/CVE-2022-43031", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43031", + "description": "DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:02Z", + "updated_at": "2022-12-28T10:52:02Z", + "pushed_at": "2022-12-28T10:52:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43046.json b/2022/CVE-2022-43046.json new file mode 100644 index 0000000000..78b49568e2 --- /dev/null +++ b/2022/CVE-2022-43046.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982796, + "name": "CVE-2022-43046", + "full_name": "Live-Hack-CVE\/CVE-2022-43046", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43046", + "description": "Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component \/foms\/place-order.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:19Z", + "updated_at": "2022-12-28T12:19:19Z", + "pushed_at": "2022-12-28T12:19:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43049.json b/2022/CVE-2022-43049.json new file mode 100644 index 0000000000..4e449c1926 --- /dev/null +++ b/2022/CVE-2022-43049.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981889, + "name": "CVE-2022-43049", + "full_name": "Live-Hack-CVE\/CVE-2022-43049", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43049", + "description": "Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component \/youthappam\/add-food.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:18Z", + "updated_at": "2022-12-28T12:16:18Z", + "pushed_at": "2022-12-28T12:16:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43050.json b/2022/CVE-2022-43050.json new file mode 100644 index 0000000000..4982e68159 --- /dev/null +++ b/2022/CVE-2022-43050.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982069, + "name": "CVE-2022-43050", + "full_name": "Live-Hack-CVE\/CVE-2022-43050", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43050", + "description": "Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:50Z", + "updated_at": "2022-12-28T12:16:50Z", + "pushed_at": "2022-12-28T12:16:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43051.json b/2022/CVE-2022-43051.json new file mode 100644 index 0000000000..789847621d --- /dev/null +++ b/2022/CVE-2022-43051.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981972, + "name": "CVE-2022-43051", + "full_name": "Live-Hack-CVE\/CVE-2022-43051", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43051", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/odlms\/classes\/Users.php?f=delete_test. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:35Z", + "updated_at": "2022-12-28T12:16:35Z", + "pushed_at": "2022-12-28T12:16:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43052.json b/2022/CVE-2022-43052.json new file mode 100644 index 0000000000..e3688564cb --- /dev/null +++ b/2022/CVE-2022-43052.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982054, + "name": "CVE-2022-43052", + "full_name": "Live-Hack-CVE\/CVE-2022-43052", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43052", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/odlms\/classes\/Users.php?f=delete. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:16:47Z", + "updated_at": "2022-12-28T12:16:47Z", + "pushed_at": "2022-12-28T12:16:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43058.json b/2022/CVE-2022-43058.json new file mode 100644 index 0000000000..74c34d3f84 --- /dev/null +++ b/2022/CVE-2022-43058.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958708, + "name": "CVE-2022-43058", + "full_name": "Live-Hack-CVE\/CVE-2022-43058", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43058", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/odlms\/\/classes\/Master.php?f=delete_activity. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:06Z", + "updated_at": "2022-12-28T10:52:06Z", + "pushed_at": "2022-12-28T10:52:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43071.json b/2022/CVE-2022-43071.json deleted file mode 100644 index 162a96d037..0000000000 --- a/2022/CVE-2022-43071.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873142, - "name": "CVE-2022-43071", - "full_name": "Live-Hack-CVE\/CVE-2022-43071", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43071", - "description": "A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:29Z", - "updated_at": "2022-12-28T05:20:29Z", - "pushed_at": "2022-12-28T05:20:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43074.json b/2022/CVE-2022-43074.json new file mode 100644 index 0000000000..5b68a9d63b --- /dev/null +++ b/2022/CVE-2022-43074.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936046, + "name": "CVE-2022-43074", + "full_name": "Live-Hack-CVE\/CVE-2022-43074", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43074", + "description": "AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component \/admin\/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:30:56Z", + "updated_at": "2022-12-28T09:30:56Z", + "pushed_at": "2022-12-28T09:30:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43096.json b/2022/CVE-2022-43096.json deleted file mode 100644 index b39ece515a..0000000000 --- a/2022/CVE-2022-43096.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873931, - "name": "CVE-2022-43096", - "full_name": "Live-Hack-CVE\/CVE-2022-43096", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43096", - "description": "Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:03Z", - "updated_at": "2022-12-28T05:24:03Z", - "pushed_at": "2022-12-28T05:24:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43117.json b/2022/CVE-2022-43117.json deleted file mode 100644 index ce046ba92e..0000000000 --- a/2022/CVE-2022-43117.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865630, - "name": "CVE-2022-43117", - "full_name": "Live-Hack-CVE\/CVE-2022-43117", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43117", - "description": "Sourcecodester Password Storage Application in PHP\/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:07Z", - "updated_at": "2022-12-28T04:43:07Z", - "pushed_at": "2022-12-28T04:43:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43118.json b/2022/CVE-2022-43118.json new file mode 100644 index 0000000000..c6d731f117 --- /dev/null +++ b/2022/CVE-2022-43118.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969371, + "name": "CVE-2022-43118", + "full_name": "Live-Hack-CVE\/CVE-2022-43118", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43118", + "description": "A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:29Z", + "updated_at": "2022-12-28T11:31:29Z", + "pushed_at": "2022-12-28T11:31:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43119.json b/2022/CVE-2022-43119.json new file mode 100644 index 0000000000..10a5a59954 --- /dev/null +++ b/2022/CVE-2022-43119.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969353, + "name": "CVE-2022-43119", + "full_name": "Live-Hack-CVE\/CVE-2022-43119", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43119", + "description": "A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:31:25Z", + "updated_at": "2022-12-28T11:31:25Z", + "pushed_at": "2022-12-28T11:31:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43120.json b/2022/CVE-2022-43120.json new file mode 100644 index 0000000000..a864a75731 --- /dev/null +++ b/2022/CVE-2022-43120.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969196, + "name": "CVE-2022-43120", + "full_name": "Live-Hack-CVE\/CVE-2022-43120", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43120", + "description": "A cross-site scripting (XSS) vulnerability in the \/panel\/fields\/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:54Z", + "updated_at": "2022-12-28T11:30:54Z", + "pushed_at": "2022-12-28T11:30:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43121.json b/2022/CVE-2022-43121.json new file mode 100644 index 0000000000..32fd6f053d --- /dev/null +++ b/2022/CVE-2022-43121.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969166, + "name": "CVE-2022-43121", + "full_name": "Live-Hack-CVE\/CVE-2022-43121", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43121", + "description": "A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:30:47Z", + "updated_at": "2022-12-28T11:30:47Z", + "pushed_at": "2022-12-28T11:30:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43135.json b/2022/CVE-2022-43135.json new file mode 100644 index 0000000000..250c232fc8 --- /dev/null +++ b/2022/CVE-2022-43135.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901913, + "name": "CVE-2022-43135", + "full_name": "Live-Hack-CVE\/CVE-2022-43135", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43135", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at \/diagnostic\/login.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:45Z", + "updated_at": "2022-12-28T07:21:45Z", + "pushed_at": "2022-12-28T07:21:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43138.json b/2022/CVE-2022-43138.json new file mode 100644 index 0000000000..54be84c128 --- /dev/null +++ b/2022/CVE-2022-43138.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891709, + "name": "CVE-2022-43138", + "full_name": "Live-Hack-CVE\/CVE-2022-43138", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43138", + "description": "Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:33Z", + "updated_at": "2022-12-28T06:40:33Z", + "pushed_at": "2022-12-28T06:40:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43140.json b/2022/CVE-2022-43140.json new file mode 100644 index 0000000000..04f1adcd46 --- /dev/null +++ b/2022/CVE-2022-43140.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891687, + "name": "CVE-2022-43140", + "full_name": "Live-Hack-CVE\/CVE-2022-43140", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43140", + "description": "kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:26Z", + "updated_at": "2022-12-28T06:40:26Z", + "pushed_at": "2022-12-28T06:40:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43142.json b/2022/CVE-2022-43142.json new file mode 100644 index 0000000000..b315a89d6d --- /dev/null +++ b/2022/CVE-2022-43142.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892113, + "name": "CVE-2022-43142", + "full_name": "Live-Hack-CVE\/CVE-2022-43142", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43142", + "description": "A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:01Z", + "updated_at": "2022-12-28T06:42:01Z", + "pushed_at": "2022-12-28T06:42:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43143.json b/2022/CVE-2022-43143.json deleted file mode 100644 index a97b0fae22..0000000000 --- a/2022/CVE-2022-43143.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872804, - "name": "CVE-2022-43143", - "full_name": "Live-Hack-CVE\/CVE-2022-43143", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43143", - "description": "A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:21Z", - "updated_at": "2022-12-28T05:19:21Z", - "pushed_at": "2022-12-28T05:19:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43144.json b/2022/CVE-2022-43144.json new file mode 100644 index 0000000000..36847f6992 --- /dev/null +++ b/2022/CVE-2022-43144.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969742, + "name": "CVE-2022-43144", + "full_name": "Live-Hack-CVE\/CVE-2022-43144", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43144", + "description": "A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:32:55Z", + "updated_at": "2022-12-28T11:32:55Z", + "pushed_at": "2022-12-28T11:32:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43146.json b/2022/CVE-2022-43146.json new file mode 100644 index 0000000000..aece529549 --- /dev/null +++ b/2022/CVE-2022-43146.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912683, + "name": "CVE-2022-43146", + "full_name": "Live-Hack-CVE\/CVE-2022-43146", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43146", + "description": "An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:25Z", + "updated_at": "2022-12-28T08:04:25Z", + "pushed_at": "2022-12-28T08:04:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43162.json b/2022/CVE-2022-43162.json new file mode 100644 index 0000000000..99f135417a --- /dev/null +++ b/2022/CVE-2022-43162.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892070, + "name": "CVE-2022-43162", + "full_name": "Live-Hack-CVE\/CVE-2022-43162", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43162", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/tests\/view_test.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:50Z", + "updated_at": "2022-12-28T06:41:51Z", + "pushed_at": "2022-12-28T06:41:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43163.json b/2022/CVE-2022-43163.json new file mode 100644 index 0000000000..dbf5f0eb3d --- /dev/null +++ b/2022/CVE-2022-43163.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892087, + "name": "CVE-2022-43163", + "full_name": "Live-Hack-CVE\/CVE-2022-43163", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43163", + "description": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/clients\/view_client.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:54Z", + "updated_at": "2022-12-28T06:41:54Z", + "pushed_at": "2022-12-28T06:41:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43171.json b/2022/CVE-2022-43171.json deleted file mode 100644 index 470cb32905..0000000000 --- a/2022/CVE-2022-43171.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874008, - "name": "CVE-2022-43171", - "full_name": "Live-Hack-CVE\/CVE-2022-43171", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43171", - "description": "A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:24Z", - "updated_at": "2022-12-28T05:24:24Z", - "pushed_at": "2022-12-28T05:24:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43179.json b/2022/CVE-2022-43179.json new file mode 100644 index 0000000000..3111a654ed --- /dev/null +++ b/2022/CVE-2022-43179.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892100, + "name": "CVE-2022-43179", + "full_name": "Live-Hack-CVE\/CVE-2022-43179", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43179", + "description": "Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component \/admin\/?page=user\/manage_user&id=. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:57Z", + "updated_at": "2022-12-28T06:41:57Z", + "pushed_at": "2022-12-28T06:41:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43192.json b/2022/CVE-2022-43192.json deleted file mode 100644 index 8b0879f7b5..0000000000 --- a/2022/CVE-2022-43192.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872650, - "name": "CVE-2022-43192", - "full_name": "Live-Hack-CVE\/CVE-2022-43192", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43192", - "description": "An arbitrary file upload vulnerability in the component \/dede\/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:36Z", - "updated_at": "2022-12-28T05:18:36Z", - "pushed_at": "2022-12-28T05:18:38Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43196.json b/2022/CVE-2022-43196.json deleted file mode 100644 index dfbda03043..0000000000 --- a/2022/CVE-2022-43196.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856849, - "name": "CVE-2022-43196", - "full_name": "Live-Hack-CVE\/CVE-2022-43196", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43196", - "description": "dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:58Z", - "updated_at": "2022-12-28T03:56:58Z", - "pushed_at": "2022-12-28T03:57:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43212.json b/2022/CVE-2022-43212.json deleted file mode 100644 index 088170348b..0000000000 --- a/2022/CVE-2022-43212.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857425, - "name": "CVE-2022-43212", - "full_name": "Live-Hack-CVE\/CVE-2022-43212", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43212", - "description": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:04Z", - "updated_at": "2022-12-28T04:00:04Z", - "pushed_at": "2022-12-28T04:00:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43213.json b/2022/CVE-2022-43213.json deleted file mode 100644 index 9cb78b6981..0000000000 --- a/2022/CVE-2022-43213.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856747, - "name": "CVE-2022-43213", - "full_name": "Live-Hack-CVE\/CVE-2022-43213", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43213", - "description": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:28Z", - "updated_at": "2022-12-28T03:56:28Z", - "pushed_at": "2022-12-28T03:56:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43214.json b/2022/CVE-2022-43214.json deleted file mode 100644 index 672f27fd73..0000000000 --- a/2022/CVE-2022-43214.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865810, - "name": "CVE-2022-43214", - "full_name": "Live-Hack-CVE\/CVE-2022-43214", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43214", - "description": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:44:01Z", - "updated_at": "2022-12-28T04:44:01Z", - "pushed_at": "2022-12-28T04:44:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43215.json b/2022/CVE-2022-43215.json deleted file mode 100644 index 650c2eb483..0000000000 --- a/2022/CVE-2022-43215.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865798, - "name": "CVE-2022-43215", - "full_name": "Live-Hack-CVE\/CVE-2022-43215", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43215", - "description": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:58Z", - "updated_at": "2022-12-28T04:43:58Z", - "pushed_at": "2022-12-28T04:44:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43229.json b/2022/CVE-2022-43229.json deleted file mode 100644 index e71fb5dd19..0000000000 --- a/2022/CVE-2022-43229.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582819270, - "name": "CVE-2022-43229", - "full_name": "Live-Hack-CVE\/CVE-2022-43229", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43229", - "description": "Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/bookings\/update_status.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:33:29Z", - "updated_at": "2022-12-28T00:33:29Z", - "pushed_at": "2022-12-28T00:33:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43234.json b/2022/CVE-2022-43234.json new file mode 100644 index 0000000000..2e5128ac7d --- /dev/null +++ b/2022/CVE-2022-43234.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901849, + "name": "CVE-2022-43234", + "full_name": "Live-Hack-CVE\/CVE-2022-43234", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43234", + "description": "An arbitrary file upload vulnerability in the \/attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:31Z", + "updated_at": "2022-12-28T07:21:31Z", + "pushed_at": "2022-12-28T07:21:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43256.json b/2022/CVE-2022-43256.json new file mode 100644 index 0000000000..32aa391458 --- /dev/null +++ b/2022/CVE-2022-43256.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922940, + "name": "CVE-2022-43256", + "full_name": "Live-Hack-CVE\/CVE-2022-43256", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43256", + "description": "SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component \/js\/player\/dmplayer\/dmku\/index.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:33Z", + "updated_at": "2022-12-28T08:43:33Z", + "pushed_at": "2022-12-28T08:43:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43262.json b/2022/CVE-2022-43262.json new file mode 100644 index 0000000000..680f95ed7d --- /dev/null +++ b/2022/CVE-2022-43262.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922961, + "name": "CVE-2022-43262", + "full_name": "Live-Hack-CVE\/CVE-2022-43262", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43262", + "description": "Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at \/hrm\/controller\/login.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:36Z", + "updated_at": "2022-12-28T08:43:36Z", + "pushed_at": "2022-12-28T08:43:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43263.json b/2022/CVE-2022-43263.json new file mode 100644 index 0000000000..94b3c5f9c6 --- /dev/null +++ b/2022/CVE-2022-43263.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922927, + "name": "CVE-2022-43263", + "full_name": "Live-Hack-CVE\/CVE-2022-43263", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43263", + "description": "A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:29Z", + "updated_at": "2022-12-28T08:43:29Z", + "pushed_at": "2022-12-28T08:43:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43264.json b/2022/CVE-2022-43264.json new file mode 100644 index 0000000000..e305c74b93 --- /dev/null +++ b/2022/CVE-2022-43264.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901884, + "name": "CVE-2022-43264", + "full_name": "Live-Hack-CVE\/CVE-2022-43264", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43264", + "description": "Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:38Z", + "updated_at": "2022-12-28T07:21:38Z", + "pushed_at": "2022-12-28T07:21:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43265.json b/2022/CVE-2022-43265.json new file mode 100644 index 0000000000..0036325405 --- /dev/null +++ b/2022/CVE-2022-43265.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913370, + "name": "CVE-2022-43265", + "full_name": "Live-Hack-CVE\/CVE-2022-43265", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43265", + "description": "An arbitrary file upload vulnerability in the component \/pages\/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:51Z", + "updated_at": "2022-12-28T08:06:51Z", + "pushed_at": "2022-12-28T08:06:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43272.json b/2022/CVE-2022-43272.json deleted file mode 100644 index 85a42ac47c..0000000000 --- a/2022/CVE-2022-43272.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812105, - "name": "CVE-2022-43272", - "full_name": "Live-Hack-CVE\/CVE-2022-43272", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43272", - "description": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:30Z", - "updated_at": "2022-12-27T23:52:30Z", - "pushed_at": "2022-12-27T23:52:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43277.json b/2022/CVE-2022-43277.json new file mode 100644 index 0000000000..2e9513401d --- /dev/null +++ b/2022/CVE-2022-43277.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969868, + "name": "CVE-2022-43277", + "full_name": "Live-Hack-CVE\/CVE-2022-43277", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43277", + "description": "Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip\/youthappam\/php_action\/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:20Z", + "updated_at": "2022-12-28T11:33:20Z", + "pushed_at": "2022-12-28T11:33:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43278.json b/2022/CVE-2022-43278.json new file mode 100644 index 0000000000..c118a91adb --- /dev/null +++ b/2022/CVE-2022-43278.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969842, + "name": "CVE-2022-43278", + "full_name": "Live-Hack-CVE\/CVE-2022-43278", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43278", + "description": "Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at \/php_action\/fetchSelectedCategories.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:17Z", + "updated_at": "2022-12-28T11:33:17Z", + "pushed_at": "2022-12-28T11:33:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43279.json b/2022/CVE-2022-43279.json new file mode 100644 index 0000000000..fc1c579bb0 --- /dev/null +++ b/2022/CVE-2022-43279.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913379, + "name": "CVE-2022-43279", + "full_name": "Live-Hack-CVE\/CVE-2022-43279", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43279", + "description": "LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component \/application\/views\/themeOptions\/update.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:55Z", + "updated_at": "2022-12-28T08:06:55Z", + "pushed_at": "2022-12-28T08:06:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43288.json b/2022/CVE-2022-43288.json new file mode 100644 index 0000000000..ea01c3a6a3 --- /dev/null +++ b/2022/CVE-2022-43288.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914470, + "name": "CVE-2022-43288", + "full_name": "Live-Hack-CVE\/CVE-2022-43288", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43288", + "description": "Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at \/rukovoditel\/index.php?module=logs\/view&type=php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:11:00Z", + "updated_at": "2022-12-28T08:11:00Z", + "pushed_at": "2022-12-28T08:11:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43290.json b/2022/CVE-2022-43290.json new file mode 100644 index 0000000000..4766ae7f26 --- /dev/null +++ b/2022/CVE-2022-43290.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958415, + "name": "CVE-2022-43290", + "full_name": "Live-Hack-CVE\/CVE-2022-43290", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43290", + "description": "Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/youthappam\/editcategory.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:08Z", + "updated_at": "2022-12-28T10:51:08Z", + "pushed_at": "2022-12-28T10:51:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43291.json b/2022/CVE-2022-43291.json new file mode 100644 index 0000000000..2c16d19b72 --- /dev/null +++ b/2022/CVE-2022-43291.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958436, + "name": "CVE-2022-43291", + "full_name": "Live-Hack-CVE\/CVE-2022-43291", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43291", + "description": "Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/youthappam\/editclient.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:11Z", + "updated_at": "2022-12-28T10:51:11Z", + "pushed_at": "2022-12-28T10:51:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43292.json b/2022/CVE-2022-43292.json new file mode 100644 index 0000000000..84fec308f0 --- /dev/null +++ b/2022/CVE-2022-43292.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958452, + "name": "CVE-2022-43292", + "full_name": "Live-Hack-CVE\/CVE-2022-43292", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43292", + "description": "Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/youthappam\/editfood.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:14Z", + "updated_at": "2022-12-28T10:51:14Z", + "pushed_at": "2022-12-28T10:51:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43294.json b/2022/CVE-2022-43294.json new file mode 100644 index 0000000000..aa79cb791c --- /dev/null +++ b/2022/CVE-2022-43294.json @@ -0,0 +1,31 @@ +[ + { + "id": 582893526, + "name": "CVE-2022-43294", + "full_name": "Live-Hack-CVE\/CVE-2022-43294", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43294", + "description": "Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib\/libesp32\/rtsp\/CRtspSession.cpp. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:47:40Z", + "updated_at": "2022-12-28T06:47:40Z", + "pushed_at": "2022-12-28T06:47:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43295.json b/2022/CVE-2022-43295.json new file mode 100644 index 0000000000..77e65d9722 --- /dev/null +++ b/2022/CVE-2022-43295.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913239, + "name": "CVE-2022-43295", + "full_name": "Live-Hack-CVE\/CVE-2022-43295", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43295", + "description": "XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf\/Stream.cc:795. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:19Z", + "updated_at": "2022-12-28T08:06:19Z", + "pushed_at": "2022-12-28T08:06:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43303.json b/2022/CVE-2022-43303.json new file mode 100644 index 0000000000..ac0b31538b --- /dev/null +++ b/2022/CVE-2022-43303.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981301, + "name": "CVE-2022-43303", + "full_name": "Live-Hack-CVE\/CVE-2022-43303", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43303", + "description": "The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:12Z", + "updated_at": "2022-12-28T12:14:12Z", + "pushed_at": "2022-12-28T12:14:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43304.json b/2022/CVE-2022-43304.json new file mode 100644 index 0000000000..f942afcdeb --- /dev/null +++ b/2022/CVE-2022-43304.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981293, + "name": "CVE-2022-43304", + "full_name": "Live-Hack-CVE\/CVE-2022-43304", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43304", + "description": "The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:08Z", + "updated_at": "2022-12-28T12:14:08Z", + "pushed_at": "2022-12-28T12:14:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43305.json b/2022/CVE-2022-43305.json new file mode 100644 index 0000000000..4fd3d974ab --- /dev/null +++ b/2022/CVE-2022-43305.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981258, + "name": "CVE-2022-43305", + "full_name": "Live-Hack-CVE\/CVE-2022-43305", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43305", + "description": "The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:00Z", + "updated_at": "2022-12-28T12:14:00Z", + "pushed_at": "2022-12-28T12:14:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43306.json b/2022/CVE-2022-43306.json new file mode 100644 index 0000000000..5586385ff2 --- /dev/null +++ b/2022/CVE-2022-43306.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981245, + "name": "CVE-2022-43306", + "full_name": "Live-Hack-CVE\/CVE-2022-43306", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43306", + "description": "The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:55Z", + "updated_at": "2022-12-28T12:13:55Z", + "pushed_at": "2022-12-28T12:13:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43308.json b/2022/CVE-2022-43308.json deleted file mode 100644 index af89523549..0000000000 --- a/2022/CVE-2022-43308.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865068, - "name": "CVE-2022-43308", - "full_name": "Live-Hack-CVE\/CVE-2022-43308", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43308", - "description": "INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:09Z", - "updated_at": "2022-12-28T04:40:09Z", - "pushed_at": "2022-12-28T04:40:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43310.json b/2022/CVE-2022-43310.json new file mode 100644 index 0000000000..c3bb631cfd --- /dev/null +++ b/2022/CVE-2022-43310.json @@ -0,0 +1,31 @@ +[ + { + "id": 582945697, + "name": "CVE-2022-43310", + "full_name": "Live-Hack-CVE\/CVE-2022-43310", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43310", + "description": "An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:05:27Z", + "updated_at": "2022-12-28T10:05:27Z", + "pushed_at": "2022-12-28T10:05:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43317.json b/2022/CVE-2022-43317.json new file mode 100644 index 0000000000..b2733fe93d --- /dev/null +++ b/2022/CVE-2022-43317.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981336, + "name": "CVE-2022-43317", + "full_name": "Live-Hack-CVE\/CVE-2022-43317", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43317", + "description": "A cross-site scripting (XSS) vulnerability in \/hrm\/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:19Z", + "updated_at": "2022-12-28T12:14:19Z", + "pushed_at": "2022-12-28T12:14:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43318.json b/2022/CVE-2022-43318.json new file mode 100644 index 0000000000..6b8496c289 --- /dev/null +++ b/2022/CVE-2022-43318.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981348, + "name": "CVE-2022-43318", + "full_name": "Live-Hack-CVE\/CVE-2022-43318", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43318", + "description": "Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at \/hrm\/state.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:22Z", + "updated_at": "2022-12-28T12:14:22Z", + "pushed_at": "2022-12-28T12:14:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43319.json b/2022/CVE-2022-43319.json new file mode 100644 index 0000000000..a86bd158d5 --- /dev/null +++ b/2022/CVE-2022-43319.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981551, + "name": "CVE-2022-43319", + "full_name": "Live-Hack-CVE\/CVE-2022-43319", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43319", + "description": "An information disclosure vulnerability in the component vcs\/downloadFiles.php?download=.\/search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:15:02Z", + "updated_at": "2022-12-28T12:15:02Z", + "pushed_at": "2022-12-28T12:15:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43320.json b/2022/CVE-2022-43320.json new file mode 100644 index 0000000000..1e4a60ff82 --- /dev/null +++ b/2022/CVE-2022-43320.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958222, + "name": "CVE-2022-43320", + "full_name": "Live-Hack-CVE\/CVE-2022-43320", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43320", + "description": "FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at \/web\/admin\/index.php?r=log%2Fview-layer. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:50:23Z", + "updated_at": "2022-12-28T10:50:23Z", + "pushed_at": "2022-12-28T10:50:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43321.json b/2022/CVE-2022-43321.json new file mode 100644 index 0000000000..3c780aec40 --- /dev/null +++ b/2022/CVE-2022-43321.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958384, + "name": "CVE-2022-43321", + "full_name": "Live-Hack-CVE\/CVE-2022-43321", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43321", + "description": "Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component \/common\/library\/Page.php. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:51:01Z", + "updated_at": "2022-12-28T10:51:01Z", + "pushed_at": "2022-12-28T10:51:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43323.json b/2022/CVE-2022-43323.json new file mode 100644 index 0000000000..5428f70f4d --- /dev/null +++ b/2022/CVE-2022-43323.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913747, + "name": "CVE-2022-43323", + "full_name": "Live-Hack-CVE\/CVE-2022-43323", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43323", + "description": "EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:12Z", + "updated_at": "2022-12-28T08:08:12Z", + "pushed_at": "2022-12-28T08:08:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43325.json b/2022/CVE-2022-43325.json deleted file mode 100644 index 61c8a31946..0000000000 --- a/2022/CVE-2022-43325.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811873, - "name": "CVE-2022-43325", - "full_name": "Live-Hack-CVE\/CVE-2022-43325", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43325", - "description": "An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:15Z", - "updated_at": "2022-12-27T23:51:15Z", - "pushed_at": "2022-12-27T23:51:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43332.json b/2022/CVE-2022-43332.json new file mode 100644 index 0000000000..48758d4201 --- /dev/null +++ b/2022/CVE-2022-43332.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891885, + "name": "CVE-2022-43332", + "full_name": "Live-Hack-CVE\/CVE-2022-43332", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43332", + "description": "A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:11Z", + "updated_at": "2022-12-28T06:41:11Z", + "pushed_at": "2022-12-28T06:41:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43342.json b/2022/CVE-2022-43342.json new file mode 100644 index 0000000000..62ff4cb4dc --- /dev/null +++ b/2022/CVE-2022-43342.json @@ -0,0 +1,31 @@ +[ + { + "id": 582914453, + "name": "CVE-2022-43342", + "full_name": "Live-Hack-CVE\/CVE-2022-43342", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43342", + "description": "A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:10:57Z", + "updated_at": "2022-12-28T08:10:57Z", + "pushed_at": "2022-12-28T08:10:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43343.json b/2022/CVE-2022-43343.json new file mode 100644 index 0000000000..8216e4eda5 --- /dev/null +++ b/2022/CVE-2022-43343.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981006, + "name": "CVE-2022-43343", + "full_name": "Live-Hack-CVE\/CVE-2022-43343", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43343", + "description": "N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:11Z", + "updated_at": "2022-12-28T12:13:11Z", + "pushed_at": "2022-12-28T12:13:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43350.json b/2022/CVE-2022-43350.json new file mode 100644 index 0000000000..1adc72c3d5 --- /dev/null +++ b/2022/CVE-2022-43350.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982765, + "name": "CVE-2022-43350", + "full_name": "Live-Hack-CVE\/CVE-2022-43350", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43350", + "description": "Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/php-sms\/classes\/Master.php?f=delete_inquiry. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:12Z", + "updated_at": "2022-12-28T12:19:12Z", + "pushed_at": "2022-12-28T12:19:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43351.json b/2022/CVE-2022-43351.json new file mode 100644 index 0000000000..0b60c185a0 --- /dev/null +++ b/2022/CVE-2022-43351.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982778, + "name": "CVE-2022-43351", + "full_name": "Live-Hack-CVE\/CVE-2022-43351", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43351", + "description": "Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component \/classes\/Master.php?f=delete_img. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:15Z", + "updated_at": "2022-12-28T12:19:15Z", + "pushed_at": "2022-12-28T12:19:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43352.json b/2022/CVE-2022-43352.json new file mode 100644 index 0000000000..619d742934 --- /dev/null +++ b/2022/CVE-2022-43352.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982810, + "name": "CVE-2022-43352", + "full_name": "Live-Hack-CVE\/CVE-2022-43352", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43352", + "description": "Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/php-sms\/classes\/Master.php?f=delete_quote. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:22Z", + "updated_at": "2022-12-28T12:19:22Z", + "pushed_at": "2022-12-28T12:19:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43359.json b/2022/CVE-2022-43359.json new file mode 100644 index 0000000000..9795bc30d4 --- /dev/null +++ b/2022/CVE-2022-43359.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980504, + "name": "CVE-2022-43359", + "full_name": "Live-Hack-CVE\/CVE-2022-43359", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43359", + "description": "Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:27Z", + "updated_at": "2022-12-28T12:11:27Z", + "pushed_at": "2022-12-28T12:11:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43397.json b/2022/CVE-2022-43397.json new file mode 100644 index 0000000000..505eb0e06e --- /dev/null +++ b/2022/CVE-2022-43397.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981396, + "name": "CVE-2022-43397", + "full_name": "Live-Hack-CVE\/CVE-2022-43397", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43397", + "description": "A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could al CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:33Z", + "updated_at": "2022-12-28T12:14:33Z", + "pushed_at": "2022-12-28T12:14:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43398.json b/2022/CVE-2022-43398.json new file mode 100644 index 0000000000..956fe56d8c --- /dev/null +++ b/2022/CVE-2022-43398.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970068, + "name": "CVE-2022-43398", + "full_name": "Live-Hack-CVE\/CVE-2022-43398", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43398", + "description": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login\/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:34:00Z", + "updated_at": "2022-12-28T11:34:00Z", + "pushed_at": "2022-12-28T11:34:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43439.json b/2022/CVE-2022-43439.json new file mode 100644 index 0000000000..cafec9f052 --- /dev/null +++ b/2022/CVE-2022-43439.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970023, + "name": "CVE-2022-43439", + "full_name": "Live-Hack-CVE\/CVE-2022-43439", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43439", + "description": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443\/tcp. This could allow an authenticated remote attacker to crash the device (f CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:49Z", + "updated_at": "2022-12-28T11:33:49Z", + "pushed_at": "2022-12-28T11:33:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43447.json b/2022/CVE-2022-43447.json new file mode 100644 index 0000000000..bf00846d4a --- /dev/null +++ b/2022/CVE-2022-43447.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891813, + "name": "CVE-2022-43447", + "full_name": "Live-Hack-CVE\/CVE-2022-43447", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43447", + "description": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:53Z", + "updated_at": "2022-12-28T06:40:54Z", + "pushed_at": "2022-12-28T06:40:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43452.json b/2022/CVE-2022-43452.json new file mode 100644 index 0000000000..874cffa115 --- /dev/null +++ b/2022/CVE-2022-43452.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891854, + "name": "CVE-2022-43452", + "full_name": "Live-Hack-CVE\/CVE-2022-43452", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43452", + "description": "SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:04Z", + "updated_at": "2022-12-28T06:41:04Z", + "pushed_at": "2022-12-28T06:41:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43457.json b/2022/CVE-2022-43457.json new file mode 100644 index 0000000000..cef9bac387 --- /dev/null +++ b/2022/CVE-2022-43457.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891839, + "name": "CVE-2022-43457", + "full_name": "Live-Hack-CVE\/CVE-2022-43457", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43457", + "description": "SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:41:01Z", + "updated_at": "2022-12-28T06:41:01Z", + "pushed_at": "2022-12-28T06:41:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43481.json b/2022/CVE-2022-43481.json new file mode 100644 index 0000000000..eca2b70d33 --- /dev/null +++ b/2022/CVE-2022-43481.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970931, + "name": "CVE-2022-43481", + "full_name": "Live-Hack-CVE\/CVE-2022-43481", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43481", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:03Z", + "updated_at": "2022-12-28T11:37:03Z", + "pushed_at": "2022-12-28T11:37:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43488.json b/2022/CVE-2022-43488.json new file mode 100644 index 0000000000..12d1537c4b --- /dev/null +++ b/2022/CVE-2022-43488.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969995, + "name": "CVE-2022-43488", + "full_name": "Live-Hack-CVE\/CVE-2022-43488", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43488", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:43Z", + "updated_at": "2022-12-28T11:33:43Z", + "pushed_at": "2022-12-28T11:33:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43491.json b/2022/CVE-2022-43491.json new file mode 100644 index 0000000000..2b790327f2 --- /dev/null +++ b/2022/CVE-2022-43491.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970912, + "name": "CVE-2022-43491", + "full_name": "Live-Hack-CVE\/CVE-2022-43491", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43491", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:00Z", + "updated_at": "2022-12-28T11:37:00Z", + "pushed_at": "2022-12-28T11:37:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43492.json b/2022/CVE-2022-43492.json deleted file mode 100644 index c839f96699..0000000000 --- a/2022/CVE-2022-43492.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872280, - "name": "CVE-2022-43492", - "full_name": "Live-Hack-CVE\/CVE-2022-43492", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43492", - "description": "Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:54Z", - "updated_at": "2022-12-28T05:16:54Z", - "pushed_at": "2022-12-28T05:16:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43506.json b/2022/CVE-2022-43506.json new file mode 100644 index 0000000000..4a7a83a2b9 --- /dev/null +++ b/2022/CVE-2022-43506.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891593, + "name": "CVE-2022-43506", + "full_name": "Live-Hack-CVE\/CVE-2022-43506", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43506", + "description": "SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:05Z", + "updated_at": "2022-12-28T06:40:05Z", + "pushed_at": "2022-12-28T06:40:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43545.json b/2022/CVE-2022-43545.json new file mode 100644 index 0000000000..add9593695 --- /dev/null +++ b/2022/CVE-2022-43545.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970039, + "name": "CVE-2022-43545", + "full_name": "Live-Hack-CVE\/CVE-2022-43545", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43545", + "description": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443\/tcp. This could allow an authenticated remote attacker to crash the device CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:53Z", + "updated_at": "2022-12-28T11:33:53Z", + "pushed_at": "2022-12-28T11:33:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43546.json b/2022/CVE-2022-43546.json new file mode 100644 index 0000000000..5164017cfc --- /dev/null +++ b/2022/CVE-2022-43546.json @@ -0,0 +1,31 @@ +[ + { + "id": 582970008, + "name": "CVE-2022-43546", + "full_name": "Live-Hack-CVE\/CVE-2022-43546", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43546", + "description": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443\/tcp. This could allow an authenticated remote attacker to crash the device (fo CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:46Z", + "updated_at": "2022-12-28T11:33:46Z", + "pushed_at": "2022-12-28T11:33:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43562.json b/2022/CVE-2022-43562.json new file mode 100644 index 0000000000..2d7eb388d6 --- /dev/null +++ b/2022/CVE-2022-43562.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969813, + "name": "CVE-2022-43562", + "full_name": "Live-Hack-CVE\/CVE-2022-43562", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43562", + "description": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:09Z", + "updated_at": "2022-12-28T11:33:09Z", + "pushed_at": "2022-12-28T11:33:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43563.json b/2022/CVE-2022-43563.json new file mode 100644 index 0000000000..735a0226db --- /dev/null +++ b/2022/CVE-2022-43563.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982120, + "name": "CVE-2022-43563", + "full_name": "Live-Hack-CVE\/CVE-2022-43563", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43563", + "description": "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https:\/\/docs.splunk.com\/Documentation\/SplunkCloud\/latest\/Security\/SPLsafeguards . The vulnerability requires the attacker to phish the victim by trickin CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:00Z", + "updated_at": "2022-12-28T12:17:00Z", + "pushed_at": "2022-12-28T12:17:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43564.json b/2022/CVE-2022-43564.json new file mode 100644 index 0000000000..86402c5b38 --- /dev/null +++ b/2022/CVE-2022-43564.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982153, + "name": "CVE-2022-43564", + "full_name": "Live-Hack-CVE\/CVE-2022-43564", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43564", + "description": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:08Z", + "updated_at": "2022-12-28T12:17:08Z", + "pushed_at": "2022-12-28T12:17:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43565.json b/2022/CVE-2022-43565.json new file mode 100644 index 0000000000..48149478d4 --- /dev/null +++ b/2022/CVE-2022-43565.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982260, + "name": "CVE-2022-43565", + "full_name": "Live-Hack-CVE\/CVE-2022-43565", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43565", + "description": "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https:\/\/docs.splunk.com\/Documentation\/SplunkCloud\/latest\/Security\/SPLsafeguards . The vulnerability requires the attacker to phish th CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:29Z", + "updated_at": "2022-12-28T12:17:29Z", + "pushed_at": "2022-12-28T12:17:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43566.json b/2022/CVE-2022-43566.json new file mode 100644 index 0000000000..e25f9faf62 --- /dev/null +++ b/2022/CVE-2022-43566.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982366, + "name": "CVE-2022-43566", + "full_name": "Live-Hack-CVE\/CVE-2022-43566", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43566", + "description": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https:\/\/docs.splunk.com\/Documentation\/SplunkCloud\/latest\/Security\/SPLsafeguards in the Analytics Workspace. The vulnerability CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:51Z", + "updated_at": "2022-12-28T12:17:51Z", + "pushed_at": "2022-12-28T12:17:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43567.json b/2022/CVE-2022-43567.json new file mode 100644 index 0000000000..c125a99813 --- /dev/null +++ b/2022/CVE-2022-43567.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980544, + "name": "CVE-2022-43567", + "full_name": "Live-Hack-CVE\/CVE-2022-43567", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43567", + "description": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:38Z", + "updated_at": "2022-12-28T12:11:38Z", + "pushed_at": "2022-12-28T12:11:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43569.json b/2022/CVE-2022-43569.json new file mode 100644 index 0000000000..4020cbbe86 --- /dev/null +++ b/2022/CVE-2022-43569.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980641, + "name": "CVE-2022-43569", + "full_name": "Live-Hack-CVE\/CVE-2022-43569", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43569", + "description": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:55Z", + "updated_at": "2022-12-28T12:11:55Z", + "pushed_at": "2022-12-28T12:11:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43570.json b/2022/CVE-2022-43570.json new file mode 100644 index 0000000000..f84168ffdc --- /dev/null +++ b/2022/CVE-2022-43570.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980890, + "name": "CVE-2022-43570", + "full_name": "Live-Hack-CVE\/CVE-2022-43570", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43570", + "description": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:46Z", + "updated_at": "2022-12-28T12:12:46Z", + "pushed_at": "2022-12-28T12:12:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43572.json b/2022/CVE-2022-43572.json new file mode 100644 index 0000000000..90126f5513 --- /dev/null +++ b/2022/CVE-2022-43572.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980899, + "name": "CVE-2022-43572", + "full_name": "Live-Hack-CVE\/CVE-2022-43572", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43572", + "description": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:12:49Z", + "updated_at": "2022-12-28T12:12:49Z", + "pushed_at": "2022-12-28T12:12:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43588.json b/2022/CVE-2022-43588.json deleted file mode 100644 index c55f367b94..0000000000 --- a/2022/CVE-2022-43588.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833874, - "name": "CVE-2022-43588", - "full_name": "Live-Hack-CVE\/CVE-2022-43588", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43588", - "description": "A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I\/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:50Z", - "updated_at": "2022-12-28T01:57:50Z", - "pushed_at": "2022-12-28T01:57:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43589.json b/2022/CVE-2022-43589.json deleted file mode 100644 index 78330f490b..0000000000 --- a/2022/CVE-2022-43589.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833853, - "name": "CVE-2022-43589", - "full_name": "Live-Hack-CVE\/CVE-2022-43589", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43589", - "description": "A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I\/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:43Z", - "updated_at": "2022-12-28T01:57:43Z", - "pushed_at": "2022-12-28T01:57:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43590.json b/2022/CVE-2022-43590.json deleted file mode 100644 index b69202e4a0..0000000000 --- a/2022/CVE-2022-43590.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833860, - "name": "CVE-2022-43590", - "full_name": "Live-Hack-CVE\/CVE-2022-43590", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43590", - "description": "A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I\/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:46Z", - "updated_at": "2022-12-28T01:57:46Z", - "pushed_at": "2022-12-28T01:57:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43671.json b/2022/CVE-2022-43671.json new file mode 100644 index 0000000000..b49f1acc16 --- /dev/null +++ b/2022/CVE-2022-43671.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924153, + "name": "CVE-2022-43671", + "full_name": "Live-Hack-CVE\/CVE-2022-43671", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43671", + "description": "Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:08Z", + "updated_at": "2022-12-28T08:48:08Z", + "pushed_at": "2022-12-28T08:48:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43672.json b/2022/CVE-2022-43672.json new file mode 100644 index 0000000000..73fa5c5795 --- /dev/null +++ b/2022/CVE-2022-43672.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913708, + "name": "CVE-2022-43672", + "full_name": "Live-Hack-CVE\/CVE-2022-43672", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43672", + "description": "Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:05Z", + "updated_at": "2022-12-28T08:08:05Z", + "pushed_at": "2022-12-28T08:08:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43673.json b/2022/CVE-2022-43673.json deleted file mode 100644 index 8cc72b3222..0000000000 --- a/2022/CVE-2022-43673.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865001, - "name": "CVE-2022-43673", - "full_name": "Live-Hack-CVE\/CVE-2022-43673", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43673", - "description": "Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\\Roaming\\Wire\\IndexedDB\\https_app.wire.com_0.indexeddb.leveldb database. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:54Z", - "updated_at": "2022-12-28T04:39:54Z", - "pushed_at": "2022-12-28T04:39:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43679.json b/2022/CVE-2022-43679.json new file mode 100644 index 0000000000..416523f5a8 --- /dev/null +++ b/2022/CVE-2022-43679.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936325, + "name": "CVE-2022-43679", + "full_name": "Live-Hack-CVE\/CVE-2022-43679", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43679", + "description": "The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:56Z", + "updated_at": "2022-12-28T09:31:56Z", + "pushed_at": "2022-12-28T09:31:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43680.json b/2022/CVE-2022-43680.json deleted file mode 100644 index 5a01a57eaa..0000000000 --- a/2022/CVE-2022-43680.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824524, - "name": "CVE-2022-43680", - "full_name": "Live-Hack-CVE\/CVE-2022-43680", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43680", - "description": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:05:15Z", - "updated_at": "2022-12-28T01:05:15Z", - "pushed_at": "2022-12-28T01:05:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43685.json b/2022/CVE-2022-43685.json deleted file mode 100644 index ec5db56e24..0000000000 --- a/2022/CVE-2022-43685.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864589, - "name": "CVE-2022-43685", - "full_name": "Live-Hack-CVE\/CVE-2022-43685", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43685", - "description": "CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:39Z", - "updated_at": "2022-12-28T04:37:39Z", - "pushed_at": "2022-12-28T04:37:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43686.json b/2022/CVE-2022-43686.json new file mode 100644 index 0000000000..e41a298e4a --- /dev/null +++ b/2022/CVE-2022-43686.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902418, + "name": "CVE-2022-43686", + "full_name": "Live-Hack-CVE\/CVE-2022-43686", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43686", + "description": "In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:45Z", + "updated_at": "2022-12-28T07:23:45Z", + "pushed_at": "2022-12-28T07:23:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43687.json b/2022/CVE-2022-43687.json new file mode 100644 index 0000000000..ce54610150 --- /dev/null +++ b/2022/CVE-2022-43687.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912836, + "name": "CVE-2022-43687", + "full_name": "Live-Hack-CVE\/CVE-2022-43687", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43687", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:57Z", + "updated_at": "2022-12-28T08:04:57Z", + "pushed_at": "2022-12-28T08:04:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43688.json b/2022/CVE-2022-43688.json new file mode 100644 index 0000000000..b987c862a2 --- /dev/null +++ b/2022/CVE-2022-43688.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913451, + "name": "CVE-2022-43688", + "full_name": "Live-Hack-CVE\/CVE-2022-43688", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43688", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:13Z", + "updated_at": "2022-12-28T08:07:13Z", + "pushed_at": "2022-12-28T08:07:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43689.json b/2022/CVE-2022-43689.json new file mode 100644 index 0000000000..b46666206d --- /dev/null +++ b/2022/CVE-2022-43689.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913462, + "name": "CVE-2022-43689", + "full_name": "Live-Hack-CVE\/CVE-2022-43689", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43689", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:16Z", + "updated_at": "2022-12-28T08:07:16Z", + "pushed_at": "2022-12-28T08:07:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43690.json b/2022/CVE-2022-43690.json new file mode 100644 index 0000000000..a31d504f32 --- /dev/null +++ b/2022/CVE-2022-43690.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913222, + "name": "CVE-2022-43690", + "full_name": "Live-Hack-CVE\/CVE-2022-43690", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43690", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:06:16Z", + "updated_at": "2022-12-28T08:06:16Z", + "pushed_at": "2022-12-28T08:06:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43691.json b/2022/CVE-2022-43691.json new file mode 100644 index 0000000000..e3c310ba45 --- /dev/null +++ b/2022/CVE-2022-43691.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912881, + "name": "CVE-2022-43691", + "full_name": "Live-Hack-CVE\/CVE-2022-43691", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43691", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:05:04Z", + "updated_at": "2022-12-28T08:05:04Z", + "pushed_at": "2022-12-28T08:05:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43692.json b/2022/CVE-2022-43692.json new file mode 100644 index 0000000000..f85a86de25 --- /dev/null +++ b/2022/CVE-2022-43692.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913688, + "name": "CVE-2022-43692", + "full_name": "Live-Hack-CVE\/CVE-2022-43692", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43692", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:02Z", + "updated_at": "2022-12-28T08:08:02Z", + "pushed_at": "2022-12-28T08:08:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43693.json b/2022/CVE-2022-43693.json new file mode 100644 index 0000000000..f7c33a6407 --- /dev/null +++ b/2022/CVE-2022-43693.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902433, + "name": "CVE-2022-43693", + "full_name": "Live-Hack-CVE\/CVE-2022-43693", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43693", + "description": "Concrete CMS is vulnerable to CSRF due to the lack of \"State\" parameter for external Concrete authentication service for users of Concrete who use the \"out of the box\" core OAuth. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:48Z", + "updated_at": "2022-12-28T07:23:48Z", + "pushed_at": "2022-12-28T07:23:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43694.json b/2022/CVE-2022-43694.json new file mode 100644 index 0000000000..3258f2931c --- /dev/null +++ b/2022/CVE-2022-43694.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913727, + "name": "CVE-2022-43694", + "full_name": "Live-Hack-CVE\/CVE-2022-43694", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43694", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:09Z", + "updated_at": "2022-12-28T08:08:09Z", + "pushed_at": "2022-12-28T08:08:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43695.json b/2022/CVE-2022-43695.json new file mode 100644 index 0000000000..8a8213e024 --- /dev/null +++ b/2022/CVE-2022-43695.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913423, + "name": "CVE-2022-43695", + "full_name": "Live-Hack-CVE\/CVE-2022-43695", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43695", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard\/system\/express\/entities\/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sani CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:07:06Z", + "updated_at": "2022-12-28T08:07:06Z", + "pushed_at": "2022-12-28T08:07:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43705.json b/2022/CVE-2022-43705.json deleted file mode 100644 index 78afe633dd..0000000000 --- a/2022/CVE-2022-43705.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839797, - "name": "CVE-2022-43705", - "full_name": "Live-Hack-CVE\/CVE-2022-43705", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43705", - "description": "In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:26Z", - "updated_at": "2022-12-28T02:28:26Z", - "pushed_at": "2022-12-28T02:28:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43707.json b/2022/CVE-2022-43707.json deleted file mode 100644 index e9a3e34126..0000000000 --- a/2022/CVE-2022-43707.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872944, - "name": "CVE-2022-43707", - "full_name": "Live-Hack-CVE\/CVE-2022-43707", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43707", - "description": "MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:50Z", - "updated_at": "2022-12-28T05:19:50Z", - "pushed_at": "2022-12-28T05:19:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43708.json b/2022/CVE-2022-43708.json deleted file mode 100644 index b4105d92f3..0000000000 --- a/2022/CVE-2022-43708.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872930, - "name": "CVE-2022-43708", - "full_name": "Live-Hack-CVE\/CVE-2022-43708", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43708", - "description": "MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:46Z", - "updated_at": "2022-12-28T05:19:46Z", - "pushed_at": "2022-12-28T05:19:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43709.json b/2022/CVE-2022-43709.json deleted file mode 100644 index b1418d969d..0000000000 --- a/2022/CVE-2022-43709.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872819, - "name": "CVE-2022-43709", - "full_name": "Live-Hack-CVE\/CVE-2022-43709", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43709", - "description": "MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:24Z", - "updated_at": "2022-12-28T05:19:24Z", - "pushed_at": "2022-12-28T05:19:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43751.json b/2022/CVE-2022-43751.json deleted file mode 100644 index e179f0386f..0000000000 --- a/2022/CVE-2022-43751.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857347, - "name": "CVE-2022-43751", - "full_name": "Live-Hack-CVE\/CVE-2022-43751", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43751", - "description": "McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:43Z", - "updated_at": "2022-12-28T03:59:43Z", - "pushed_at": "2022-12-28T03:59:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43753.json b/2022/CVE-2022-43753.json new file mode 100644 index 0000000000..28fa6d99ea --- /dev/null +++ b/2022/CVE-2022-43753.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924216, + "name": "CVE-2022-43753", + "full_name": "Live-Hack-CVE\/CVE-2022-43753", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43753", + "description": "A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk\/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user run CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:22Z", + "updated_at": "2022-12-28T08:48:22Z", + "pushed_at": "2022-12-28T08:48:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43754.json b/2022/CVE-2022-43754.json new file mode 100644 index 0000000000..3c45c36885 --- /dev/null +++ b/2022/CVE-2022-43754.json @@ -0,0 +1,31 @@ +[ + { + "id": 582924302, + "name": "CVE-2022-43754", + "full_name": "Live-Hack-CVE\/CVE-2022-43754", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43754", + "description": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk\/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via \/rh CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:48:39Z", + "updated_at": "2022-12-28T08:48:39Z", + "pushed_at": "2022-12-28T08:48:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43781.json b/2022/CVE-2022-43781.json new file mode 100644 index 0000000000..d79a4d5003 --- /dev/null +++ b/2022/CVE-2022-43781.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891770, + "name": "CVE-2022-43781", + "full_name": "Live-Hack-CVE\/CVE-2022-43781", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43781", + "description": "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:43Z", + "updated_at": "2022-12-28T06:40:43Z", + "pushed_at": "2022-12-28T06:40:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43782.json b/2022/CVE-2022-43782.json new file mode 100644 index 0000000000..4c58b8eb56 --- /dev/null +++ b/2022/CVE-2022-43782.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891784, + "name": "CVE-2022-43782", + "full_name": "Live-Hack-CVE\/CVE-2022-43782", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43782", + "description": "Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application a CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:46Z", + "updated_at": "2022-12-28T06:40:46Z", + "pushed_at": "2022-12-28T06:40:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43958.json b/2022/CVE-2022-43958.json new file mode 100644 index 0000000000..67b26dda47 --- /dev/null +++ b/2022/CVE-2022-43958.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969796, + "name": "CVE-2022-43958", + "full_name": "Live-Hack-CVE\/CVE-2022-43958", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43958", + "description": "A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:06Z", + "updated_at": "2022-12-28T11:33:06Z", + "pushed_at": "2022-12-28T11:33:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43967.json b/2022/CVE-2022-43967.json new file mode 100644 index 0000000000..bc3ee5503b --- /dev/null +++ b/2022/CVE-2022-43967.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902403, + "name": "CVE-2022-43967", + "full_name": "Live-Hack-CVE\/CVE-2022-43967", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43967", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:42Z", + "updated_at": "2022-12-28T07:23:42Z", + "pushed_at": "2022-12-28T07:23:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43968.json b/2022/CVE-2022-43968.json new file mode 100644 index 0000000000..a485e6faff --- /dev/null +++ b/2022/CVE-2022-43968.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902390, + "name": "CVE-2022-43968", + "full_name": "Live-Hack-CVE\/CVE-2022-43968", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43968", + "description": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:38Z", + "updated_at": "2022-12-28T07:23:38Z", + "pushed_at": "2022-12-28T07:23:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-43983.json b/2022/CVE-2022-43983.json deleted file mode 100644 index 1c2f83f655..0000000000 --- a/2022/CVE-2022-43983.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848425, - "name": "CVE-2022-43983", - "full_name": "Live-Hack-CVE\/CVE-2022-43983", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43983", - "description": "Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:\/\/ protocol. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:35Z", - "updated_at": "2022-12-28T03:12:35Z", - "pushed_at": "2022-12-28T03:12:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43984.json b/2022/CVE-2022-43984.json deleted file mode 100644 index b1783934b8..0000000000 --- a/2022/CVE-2022-43984.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848414, - "name": "CVE-2022-43984", - "full_name": "Live-Hack-CVE\/CVE-2022-43984", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43984", - "description": "Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:\/\/ protocol. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:31Z", - "updated_at": "2022-12-28T03:12:31Z", - "pushed_at": "2022-12-28T03:12:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-43995.json b/2022/CVE-2022-43995.json deleted file mode 100644 index 02b08e5abc..0000000000 --- a/2022/CVE-2022-43995.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811589, - "name": "CVE-2022-43995", - "full_name": "Live-Hack-CVE\/CVE-2022-43995", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-43995", - "description": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins\/sudoers\/auth\/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:27Z", - "updated_at": "2022-12-27T23:49:27Z", - "pushed_at": "2022-12-27T23:49:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44001.json b/2022/CVE-2022-44001.json new file mode 100644 index 0000000000..b3797b32d9 --- /dev/null +++ b/2022/CVE-2022-44001.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891826, + "name": "CVE-2022-44001", + "full_name": "Live-Hack-CVE\/CVE-2022-44001", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44001", + "description": "An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:57Z", + "updated_at": "2022-12-28T06:40:57Z", + "pushed_at": "2022-12-28T06:40:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44020.json b/2022/CVE-2022-44020.json deleted file mode 100644 index 7b791cac11..0000000000 --- a/2022/CVE-2022-44020.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849745, - "name": "CVE-2022-44020", - "full_name": "Live-Hack-CVE\/CVE-2022-44020", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44020", - "description": "An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an \"unsupported, production-like configuration.\" CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:19:16Z", - "updated_at": "2022-12-28T03:19:16Z", - "pushed_at": "2022-12-28T03:19:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44038.json b/2022/CVE-2022-44038.json deleted file mode 100644 index b423b03e8b..0000000000 --- a/2022/CVE-2022-44038.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833727, - "name": "CVE-2022-44038", - "full_name": "Live-Hack-CVE\/CVE-2022-44038", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44038", - "description": "Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:04Z", - "updated_at": "2022-12-28T01:57:04Z", - "pushed_at": "2022-12-28T01:57:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44048.json b/2022/CVE-2022-44048.json new file mode 100644 index 0000000000..64f1357c0d --- /dev/null +++ b/2022/CVE-2022-44048.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981129, + "name": "CVE-2022-44048", + "full_name": "Live-Hack-CVE\/CVE-2022-44048", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44048", + "description": "The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:33Z", + "updated_at": "2022-12-28T12:13:33Z", + "pushed_at": "2022-12-28T12:13:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44049.json b/2022/CVE-2022-44049.json new file mode 100644 index 0000000000..59297b5a69 --- /dev/null +++ b/2022/CVE-2022-44049.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981146, + "name": "CVE-2022-44049", + "full_name": "Live-Hack-CVE\/CVE-2022-44049", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44049", + "description": "The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:36Z", + "updated_at": "2022-12-28T12:13:36Z", + "pushed_at": "2022-12-28T12:13:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44050.json b/2022/CVE-2022-44050.json new file mode 100644 index 0000000000..0105db5411 --- /dev/null +++ b/2022/CVE-2022-44050.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981318, + "name": "CVE-2022-44050", + "full_name": "Live-Hack-CVE\/CVE-2022-44050", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44050", + "description": "The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:16Z", + "updated_at": "2022-12-28T12:14:16Z", + "pushed_at": "2022-12-28T12:14:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44051.json b/2022/CVE-2022-44051.json new file mode 100644 index 0000000000..20ed75ad35 --- /dev/null +++ b/2022/CVE-2022-44051.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981437, + "name": "CVE-2022-44051", + "full_name": "Live-Hack-CVE\/CVE-2022-44051", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44051", + "description": "The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:40Z", + "updated_at": "2022-12-28T12:14:40Z", + "pushed_at": "2022-12-28T12:14:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44052.json b/2022/CVE-2022-44052.json new file mode 100644 index 0000000000..8d210941d2 --- /dev/null +++ b/2022/CVE-2022-44052.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981534, + "name": "CVE-2022-44052", + "full_name": "Live-Hack-CVE\/CVE-2022-44052", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44052", + "description": "The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:58Z", + "updated_at": "2022-12-28T12:14:58Z", + "pushed_at": "2022-12-28T12:15:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44053.json b/2022/CVE-2022-44053.json new file mode 100644 index 0000000000..02d20de455 --- /dev/null +++ b/2022/CVE-2022-44053.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981416, + "name": "CVE-2022-44053", + "full_name": "Live-Hack-CVE\/CVE-2022-44053", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44053", + "description": "The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:36Z", + "updated_at": "2022-12-28T12:14:36Z", + "pushed_at": "2022-12-28T12:14:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44054.json b/2022/CVE-2022-44054.json new file mode 100644 index 0000000000..dcd6ba74f0 --- /dev/null +++ b/2022/CVE-2022-44054.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981457, + "name": "CVE-2022-44054", + "full_name": "Live-Hack-CVE\/CVE-2022-44054", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44054", + "description": "The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:14:44Z", + "updated_at": "2022-12-28T12:14:44Z", + "pushed_at": "2022-12-28T12:14:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44069.json b/2022/CVE-2022-44069.json new file mode 100644 index 0000000000..cd851cc3dd --- /dev/null +++ b/2022/CVE-2022-44069.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923045, + "name": "CVE-2022-44069", + "full_name": "Live-Hack-CVE\/CVE-2022-44069", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44069", + "description": "Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:57Z", + "updated_at": "2022-12-28T08:43:57Z", + "pushed_at": "2022-12-28T08:44:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44070.json b/2022/CVE-2022-44070.json new file mode 100644 index 0000000000..ba2680d578 --- /dev/null +++ b/2022/CVE-2022-44070.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923005, + "name": "CVE-2022-44070", + "full_name": "Live-Hack-CVE\/CVE-2022-44070", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44070", + "description": "Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:47Z", + "updated_at": "2022-12-28T08:43:47Z", + "pushed_at": "2022-12-28T08:43:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44071.json b/2022/CVE-2022-44071.json new file mode 100644 index 0000000000..8184d6dc1d --- /dev/null +++ b/2022/CVE-2022-44071.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922972, + "name": "CVE-2022-44071", + "full_name": "Live-Hack-CVE\/CVE-2022-44071", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44071", + "description": "Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:40Z", + "updated_at": "2022-12-28T08:43:40Z", + "pushed_at": "2022-12-28T08:43:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44073.json b/2022/CVE-2022-44073.json new file mode 100644 index 0000000000..f80d68d763 --- /dev/null +++ b/2022/CVE-2022-44073.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923018, + "name": "CVE-2022-44073", + "full_name": "Live-Hack-CVE\/CVE-2022-44073", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44073", + "description": "Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:43:50Z", + "updated_at": "2022-12-28T08:43:50Z", + "pushed_at": "2022-12-28T08:43:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44087.json b/2022/CVE-2022-44087.json new file mode 100644 index 0000000000..1e4beb147d --- /dev/null +++ b/2022/CVE-2022-44087.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936257, + "name": "CVE-2022-44087", + "full_name": "Live-Hack-CVE\/CVE-2022-44087", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44087", + "description": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:41Z", + "updated_at": "2022-12-28T09:31:41Z", + "pushed_at": "2022-12-28T09:31:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44088.json b/2022/CVE-2022-44088.json new file mode 100644 index 0000000000..ccffc7b016 --- /dev/null +++ b/2022/CVE-2022-44088.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936652, + "name": "CVE-2022-44088", + "full_name": "Live-Hack-CVE\/CVE-2022-44088", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44088", + "description": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:11Z", + "updated_at": "2022-12-28T09:33:11Z", + "pushed_at": "2022-12-28T09:33:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44089.json b/2022/CVE-2022-44089.json new file mode 100644 index 0000000000..2b0ce8ecf5 --- /dev/null +++ b/2022/CVE-2022-44089.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936276, + "name": "CVE-2022-44089", + "full_name": "Live-Hack-CVE\/CVE-2022-44089", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44089", + "description": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:31:45Z", + "updated_at": "2022-12-28T09:31:45Z", + "pushed_at": "2022-12-28T09:31:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44096.json b/2022/CVE-2022-44096.json deleted file mode 100644 index 28e5eb9bc3..0000000000 --- a/2022/CVE-2022-44096.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832661, - "name": "CVE-2022-44096", - "full_name": "Live-Hack-CVE\/CVE-2022-44096", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44096", - "description": "Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:32Z", - "updated_at": "2022-12-28T01:51:32Z", - "pushed_at": "2022-12-28T01:51:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44097.json b/2022/CVE-2022-44097.json deleted file mode 100644 index f957f448f9..0000000000 --- a/2022/CVE-2022-44097.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832672, - "name": "CVE-2022-44097", - "full_name": "Live-Hack-CVE\/CVE-2022-44097", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44097", - "description": "Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:35Z", - "updated_at": "2022-12-28T01:51:35Z", - "pushed_at": "2022-12-28T01:51:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44117.json b/2022/CVE-2022-44117.json deleted file mode 100644 index ea20b34bc7..0000000000 --- a/2022/CVE-2022-44117.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856888, - "name": "CVE-2022-44117", - "full_name": "Live-Hack-CVE\/CVE-2022-44117", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44117", - "description": "Boa 0.94.14rc21 is vulnerable to SQL Injection via username. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:11Z", - "updated_at": "2022-12-28T03:57:11Z", - "pushed_at": "2022-12-28T03:57:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44118.json b/2022/CVE-2022-44118.json deleted file mode 100644 index 832d6eb4d4..0000000000 --- a/2022/CVE-2022-44118.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856735, - "name": "CVE-2022-44118", - "full_name": "Live-Hack-CVE\/CVE-2022-44118", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44118", - "description": "dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:24Z", - "updated_at": "2022-12-28T03:56:24Z", - "pushed_at": "2022-12-28T03:56:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44120.json b/2022/CVE-2022-44120.json deleted file mode 100644 index 46d1e4fb88..0000000000 --- a/2022/CVE-2022-44120.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856839, - "name": "CVE-2022-44120", - "full_name": "Live-Hack-CVE\/CVE-2022-44120", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44120", - "description": "dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:54Z", - "updated_at": "2022-12-28T03:56:54Z", - "pushed_at": "2022-12-28T03:56:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44136.json b/2022/CVE-2022-44136.json deleted file mode 100644 index a9610c479d..0000000000 --- a/2022/CVE-2022-44136.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832360, - "name": "CVE-2022-44136", - "full_name": "Live-Hack-CVE\/CVE-2022-44136", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44136", - "description": "Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:54Z", - "updated_at": "2022-12-28T01:49:54Z", - "pushed_at": "2022-12-28T01:49:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44139.json b/2022/CVE-2022-44139.json deleted file mode 100644 index 8d8c2a059b..0000000000 --- a/2022/CVE-2022-44139.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863655, - "name": "CVE-2022-44139", - "full_name": "Live-Hack-CVE\/CVE-2022-44139", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44139", - "description": "Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via \/avms\/index.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:07Z", - "updated_at": "2022-12-28T04:33:07Z", - "pushed_at": "2022-12-28T04:33:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44140.json b/2022/CVE-2022-44140.json deleted file mode 100644 index 927c13116f..0000000000 --- a/2022/CVE-2022-44140.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856812, - "name": "CVE-2022-44140", - "full_name": "Live-Hack-CVE\/CVE-2022-44140", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44140", - "description": "Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the \/Member\/memberedit.html component. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:48Z", - "updated_at": "2022-12-28T03:56:48Z", - "pushed_at": "2022-12-28T03:56:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44151.json b/2022/CVE-2022-44151.json deleted file mode 100644 index 80dfa7a1b5..0000000000 --- a/2022/CVE-2022-44151.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840368, - "name": "CVE-2022-44151", - "full_name": "Live-Hack-CVE\/CVE-2022-44151", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44151", - "description": "Simple Inventory Management System v1.0 is vulnerable to SQL Injection via \/ims\/login.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:14Z", - "updated_at": "2022-12-28T02:31:14Z", - "pushed_at": "2022-12-28T02:31:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44156.json b/2022/CVE-2022-44156.json deleted file mode 100644 index ddfa7e963a..0000000000 --- a/2022/CVE-2022-44156.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873621, - "name": "CVE-2022-44156", - "full_name": "Live-Hack-CVE\/CVE-2022-44156", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44156", - "description": "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:29Z", - "updated_at": "2022-12-28T05:22:29Z", - "pushed_at": "2022-12-28T05:22:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44158.json b/2022/CVE-2022-44158.json deleted file mode 100644 index 07b0f2d10b..0000000000 --- a/2022/CVE-2022-44158.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873583, - "name": "CVE-2022-44158", - "full_name": "Live-Hack-CVE\/CVE-2022-44158", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44158", - "description": "Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:18Z", - "updated_at": "2022-12-28T05:22:18Z", - "pushed_at": "2022-12-28T05:22:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44163.json b/2022/CVE-2022-44163.json deleted file mode 100644 index cd29947152..0000000000 --- a/2022/CVE-2022-44163.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873569, - "name": "CVE-2022-44163", - "full_name": "Live-Hack-CVE\/CVE-2022-44163", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44163", - "description": "Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:22:15Z", - "updated_at": "2022-12-28T05:22:15Z", - "pushed_at": "2022-12-28T05:22:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44167.json b/2022/CVE-2022-44167.json deleted file mode 100644 index 0a00f226bc..0000000000 --- a/2022/CVE-2022-44167.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874038, - "name": "CVE-2022-44167", - "full_name": "Live-Hack-CVE\/CVE-2022-44167", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44167", - "description": "Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:31Z", - "updated_at": "2022-12-28T05:24:31Z", - "pushed_at": "2022-12-28T05:24:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44168.json b/2022/CVE-2022-44168.json deleted file mode 100644 index 0c038e7606..0000000000 --- a/2022/CVE-2022-44168.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874125, - "name": "CVE-2022-44168", - "full_name": "Live-Hack-CVE\/CVE-2022-44168", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44168", - "description": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:50Z", - "updated_at": "2022-12-28T05:24:50Z", - "pushed_at": "2022-12-28T05:24:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44169.json b/2022/CVE-2022-44169.json deleted file mode 100644 index 3a29846d2e..0000000000 --- a/2022/CVE-2022-44169.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874152, - "name": "CVE-2022-44169", - "full_name": "Live-Hack-CVE\/CVE-2022-44169", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44169", - "description": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:57Z", - "updated_at": "2022-12-28T05:24:57Z", - "pushed_at": "2022-12-28T05:24:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44171.json b/2022/CVE-2022-44171.json deleted file mode 100644 index d2db9428af..0000000000 --- a/2022/CVE-2022-44171.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857687, - "name": "CVE-2022-44171", - "full_name": "Live-Hack-CVE\/CVE-2022-44171", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44171", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:23Z", - "updated_at": "2022-12-28T04:01:23Z", - "pushed_at": "2022-12-28T04:01:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44172.json b/2022/CVE-2022-44172.json deleted file mode 100644 index 4db88dc2df..0000000000 --- a/2022/CVE-2022-44172.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857673, - "name": "CVE-2022-44172", - "full_name": "Live-Hack-CVE\/CVE-2022-44172", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44172", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:19Z", - "updated_at": "2022-12-28T04:01:19Z", - "pushed_at": "2022-12-28T04:01:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44174.json b/2022/CVE-2022-44174.json deleted file mode 100644 index 8deaca1802..0000000000 --- a/2022/CVE-2022-44174.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857660, - "name": "CVE-2022-44174", - "full_name": "Live-Hack-CVE\/CVE-2022-44174", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44174", - "description": "Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:15Z", - "updated_at": "2022-12-28T04:01:15Z", - "pushed_at": "2022-12-28T04:01:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44175.json b/2022/CVE-2022-44175.json deleted file mode 100644 index cceac7518c..0000000000 --- a/2022/CVE-2022-44175.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857637, - "name": "CVE-2022-44175", - "full_name": "Live-Hack-CVE\/CVE-2022-44175", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44175", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:08Z", - "updated_at": "2022-12-28T04:01:08Z", - "pushed_at": "2022-12-28T04:01:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44176.json b/2022/CVE-2022-44176.json deleted file mode 100644 index b56c41ff1b..0000000000 --- a/2022/CVE-2022-44176.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857645, - "name": "CVE-2022-44176", - "full_name": "Live-Hack-CVE\/CVE-2022-44176", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44176", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:12Z", - "updated_at": "2022-12-28T04:01:12Z", - "pushed_at": "2022-12-28T04:01:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44177.json b/2022/CVE-2022-44177.json deleted file mode 100644 index 50fe8e05d0..0000000000 --- a/2022/CVE-2022-44177.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857625, - "name": "CVE-2022-44177", - "full_name": "Live-Hack-CVE\/CVE-2022-44177", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44177", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:05Z", - "updated_at": "2022-12-28T04:01:05Z", - "pushed_at": "2022-12-28T04:01:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44178.json b/2022/CVE-2022-44178.json deleted file mode 100644 index 380475a7b7..0000000000 --- a/2022/CVE-2022-44178.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857617, - "name": "CVE-2022-44178", - "full_name": "Live-Hack-CVE\/CVE-2022-44178", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44178", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:01Z", - "updated_at": "2022-12-28T04:01:01Z", - "pushed_at": "2022-12-28T04:01:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44180.json b/2022/CVE-2022-44180.json deleted file mode 100644 index b19c60cab5..0000000000 --- a/2022/CVE-2022-44180.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857602, - "name": "CVE-2022-44180", - "full_name": "Live-Hack-CVE\/CVE-2022-44180", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44180", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:58Z", - "updated_at": "2022-12-28T04:00:58Z", - "pushed_at": "2022-12-28T04:01:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44183.json b/2022/CVE-2022-44183.json deleted file mode 100644 index 5f8159dc5a..0000000000 --- a/2022/CVE-2022-44183.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857706, - "name": "CVE-2022-44183", - "full_name": "Live-Hack-CVE\/CVE-2022-44183", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44183", - "description": "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:30Z", - "updated_at": "2022-12-28T04:01:30Z", - "pushed_at": "2022-12-28T04:01:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44184.json b/2022/CVE-2022-44184.json deleted file mode 100644 index 901f87e4fb..0000000000 --- a/2022/CVE-2022-44184.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864875, - "name": "CVE-2022-44184", - "full_name": "Live-Hack-CVE\/CVE-2022-44184", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44184", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in \/usr\/sbin\/httpd via parameter wan_dns1_sec. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:15Z", - "updated_at": "2022-12-28T04:39:15Z", - "pushed_at": "2022-12-28T04:39:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44186.json b/2022/CVE-2022-44186.json deleted file mode 100644 index 15795f4de2..0000000000 --- a/2022/CVE-2022-44186.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864798, - "name": "CVE-2022-44186", - "full_name": "Live-Hack-CVE\/CVE-2022-44186", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44186", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in \/usr\/sbin\/httpd via parameter wan_dns1_pri. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:51Z", - "updated_at": "2022-12-28T04:38:51Z", - "pushed_at": "2022-12-28T04:38:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44187.json b/2022/CVE-2022-44187.json deleted file mode 100644 index 80124878af..0000000000 --- a/2022/CVE-2022-44187.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864812, - "name": "CVE-2022-44187", - "full_name": "Live-Hack-CVE\/CVE-2022-44187", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44187", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:54Z", - "updated_at": "2022-12-28T04:38:54Z", - "pushed_at": "2022-12-28T04:38:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44188.json b/2022/CVE-2022-44188.json deleted file mode 100644 index 51b1e3f3f1..0000000000 --- a/2022/CVE-2022-44188.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864771, - "name": "CVE-2022-44188", - "full_name": "Live-Hack-CVE\/CVE-2022-44188", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44188", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in \/usr\/sbin\/httpd via parameter enable_band_steering. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:37Z", - "updated_at": "2022-12-28T04:38:37Z", - "pushed_at": "2022-12-28T04:38:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44190.json b/2022/CVE-2022-44190.json deleted file mode 100644 index 3bc9bc1155..0000000000 --- a/2022/CVE-2022-44190.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864760, - "name": "CVE-2022-44190", - "full_name": "Live-Hack-CVE\/CVE-2022-44190", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44190", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:34Z", - "updated_at": "2022-12-28T04:38:34Z", - "pushed_at": "2022-12-28T04:38:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44191.json b/2022/CVE-2022-44191.json deleted file mode 100644 index ed74d7b239..0000000000 --- a/2022/CVE-2022-44191.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864607, - "name": "CVE-2022-44191", - "full_name": "Live-Hack-CVE\/CVE-2022-44191", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44191", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:46Z", - "updated_at": "2022-12-28T04:37:46Z", - "pushed_at": "2022-12-28T04:37:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44193.json b/2022/CVE-2022-44193.json deleted file mode 100644 index 5e056df4c9..0000000000 --- a/2022/CVE-2022-44193.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864858, - "name": "CVE-2022-44193", - "full_name": "Live-Hack-CVE\/CVE-2022-44193", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44193", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in \/usr\/sbin\/httpd via parameters: starthour, startminute , endhour, and endminute. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:11Z", - "updated_at": "2022-12-28T04:39:11Z", - "pushed_at": "2022-12-28T04:39:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44194.json b/2022/CVE-2022-44194.json deleted file mode 100644 index 6066b12b52..0000000000 --- a/2022/CVE-2022-44194.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864829, - "name": "CVE-2022-44194", - "full_name": "Live-Hack-CVE\/CVE-2022-44194", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44194", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:04Z", - "updated_at": "2022-12-28T04:39:04Z", - "pushed_at": "2022-12-28T04:39:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44196.json b/2022/CVE-2022-44196.json deleted file mode 100644 index 8e56f1775d..0000000000 --- a/2022/CVE-2022-44196.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864823, - "name": "CVE-2022-44196", - "full_name": "Live-Hack-CVE\/CVE-2022-44196", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44196", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:01Z", - "updated_at": "2022-12-28T04:39:01Z", - "pushed_at": "2022-12-28T04:39:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44197.json b/2022/CVE-2022-44197.json deleted file mode 100644 index 1e85308cb6..0000000000 --- a/2022/CVE-2022-44197.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864818, - "name": "CVE-2022-44197", - "full_name": "Live-Hack-CVE\/CVE-2022-44197", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44197", - "description": "Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:38:58Z", - "updated_at": "2022-12-28T04:38:58Z", - "pushed_at": "2022-12-28T04:39:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44198.json b/2022/CVE-2022-44198.json deleted file mode 100644 index b809904506..0000000000 --- a/2022/CVE-2022-44198.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864963, - "name": "CVE-2022-44198", - "full_name": "Live-Hack-CVE\/CVE-2022-44198", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44198", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:44Z", - "updated_at": "2022-12-28T04:39:44Z", - "pushed_at": "2022-12-28T04:39:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44199.json b/2022/CVE-2022-44199.json deleted file mode 100644 index 37537f877d..0000000000 --- a/2022/CVE-2022-44199.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864885, - "name": "CVE-2022-44199", - "full_name": "Live-Hack-CVE\/CVE-2022-44199", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44199", - "description": "Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:18Z", - "updated_at": "2022-12-28T04:39:18Z", - "pushed_at": "2022-12-28T04:39:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44200.json b/2022/CVE-2022-44200.json deleted file mode 100644 index dfdb5f8a04..0000000000 --- a/2022/CVE-2022-44200.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864895, - "name": "CVE-2022-44200", - "full_name": "Live-Hack-CVE\/CVE-2022-44200", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44200", - "description": "Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:39:21Z", - "updated_at": "2022-12-28T04:39:21Z", - "pushed_at": "2022-12-28T04:39:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44201.json b/2022/CVE-2022-44201.json deleted file mode 100644 index 872d814e3a..0000000000 --- a/2022/CVE-2022-44201.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864555, - "name": "CVE-2022-44201", - "full_name": "Live-Hack-CVE\/CVE-2022-44201", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44201", - "description": "D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:28Z", - "updated_at": "2022-12-28T04:37:28Z", - "pushed_at": "2022-12-28T04:37:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44202.json b/2022/CVE-2022-44202.json deleted file mode 100644 index c8ec3eef29..0000000000 --- a/2022/CVE-2022-44202.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864507, - "name": "CVE-2022-44202", - "full_name": "Live-Hack-CVE\/CVE-2022-44202", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44202", - "description": "D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:11Z", - "updated_at": "2022-12-28T04:37:11Z", - "pushed_at": "2022-12-28T04:37:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44204.json b/2022/CVE-2022-44204.json deleted file mode 100644 index e0375f1751..0000000000 --- a/2022/CVE-2022-44204.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873981, - "name": "CVE-2022-44204", - "full_name": "Live-Hack-CVE\/CVE-2022-44204", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44204", - "description": "D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:17Z", - "updated_at": "2022-12-28T05:24:17Z", - "pushed_at": "2022-12-28T05:24:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44244.json b/2022/CVE-2022-44244.json new file mode 100644 index 0000000000..a26aa1fcd0 --- /dev/null +++ b/2022/CVE-2022-44244.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912784, + "name": "CVE-2022-44244", + "full_name": "Live-Hack-CVE\/CVE-2022-44244", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44244", + "description": "An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:04:46Z", + "updated_at": "2022-12-28T08:04:46Z", + "pushed_at": "2022-12-28T08:04:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44250.json b/2022/CVE-2022-44250.json deleted file mode 100644 index f06a01720c..0000000000 --- a/2022/CVE-2022-44250.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857986, - "name": "CVE-2022-44250", - "full_name": "Live-Hack-CVE\/CVE-2022-44250", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44250", - "description": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:51Z", - "updated_at": "2022-12-28T04:02:51Z", - "pushed_at": "2022-12-28T04:02:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44251.json b/2022/CVE-2022-44251.json deleted file mode 100644 index 2291394a77..0000000000 --- a/2022/CVE-2022-44251.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857993, - "name": "CVE-2022-44251", - "full_name": "Live-Hack-CVE\/CVE-2022-44251", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44251", - "description": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:54Z", - "updated_at": "2022-12-28T04:02:54Z", - "pushed_at": "2022-12-28T04:02:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44252.json b/2022/CVE-2022-44252.json deleted file mode 100644 index 8fef839934..0000000000 --- a/2022/CVE-2022-44252.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582858007, - "name": "CVE-2022-44252", - "full_name": "Live-Hack-CVE\/CVE-2022-44252", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44252", - "description": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:58Z", - "updated_at": "2022-12-28T04:02:58Z", - "pushed_at": "2022-12-28T04:03:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44253.json b/2022/CVE-2022-44253.json deleted file mode 100644 index 7d1960a2ff..0000000000 --- a/2022/CVE-2022-44253.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857861, - "name": "CVE-2022-44253", - "full_name": "Live-Hack-CVE\/CVE-2022-44253", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44253", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:15Z", - "updated_at": "2022-12-28T04:02:15Z", - "pushed_at": "2022-12-28T04:02:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44254.json b/2022/CVE-2022-44254.json deleted file mode 100644 index 3135845291..0000000000 --- a/2022/CVE-2022-44254.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857874, - "name": "CVE-2022-44254", - "full_name": "Live-Hack-CVE\/CVE-2022-44254", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44254", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:18Z", - "updated_at": "2022-12-28T04:02:18Z", - "pushed_at": "2022-12-28T04:02:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44255.json b/2022/CVE-2022-44255.json deleted file mode 100644 index c89c1e8b07..0000000000 --- a/2022/CVE-2022-44255.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857970, - "name": "CVE-2022-44255", - "full_name": "Live-Hack-CVE\/CVE-2022-44255", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44255", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:46Z", - "updated_at": "2022-12-28T04:02:47Z", - "pushed_at": "2022-12-28T04:02:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44256.json b/2022/CVE-2022-44256.json deleted file mode 100644 index f0e91a20c6..0000000000 --- a/2022/CVE-2022-44256.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857814, - "name": "CVE-2022-44256", - "full_name": "Live-Hack-CVE\/CVE-2022-44256", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44256", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:01:57Z", - "updated_at": "2022-12-28T04:01:57Z", - "pushed_at": "2022-12-28T04:02:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44257.json b/2022/CVE-2022-44257.json deleted file mode 100644 index cc9151192b..0000000000 --- a/2022/CVE-2022-44257.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857825, - "name": "CVE-2022-44257", - "full_name": "Live-Hack-CVE\/CVE-2022-44257", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44257", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:01Z", - "updated_at": "2022-12-28T04:02:01Z", - "pushed_at": "2022-12-28T04:02:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44258.json b/2022/CVE-2022-44258.json deleted file mode 100644 index 68d8093031..0000000000 --- a/2022/CVE-2022-44258.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857832, - "name": "CVE-2022-44258", - "full_name": "Live-Hack-CVE\/CVE-2022-44258", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44258", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:04Z", - "updated_at": "2022-12-28T04:02:05Z", - "pushed_at": "2022-12-28T04:02:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44259.json b/2022/CVE-2022-44259.json deleted file mode 100644 index 2ed28d2f0d..0000000000 --- a/2022/CVE-2022-44259.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857843, - "name": "CVE-2022-44259", - "full_name": "Live-Hack-CVE\/CVE-2022-44259", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44259", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:08Z", - "updated_at": "2022-12-28T04:02:08Z", - "pushed_at": "2022-12-28T04:02:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44260.json b/2022/CVE-2022-44260.json deleted file mode 100644 index 3a0aaef662..0000000000 --- a/2022/CVE-2022-44260.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857852, - "name": "CVE-2022-44260", - "full_name": "Live-Hack-CVE\/CVE-2022-44260", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44260", - "description": "TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort\/ePort in the setIpPortFilterRules function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:02:12Z", - "updated_at": "2022-12-28T04:02:12Z", - "pushed_at": "2022-12-28T04:02:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44262.json b/2022/CVE-2022-44262.json deleted file mode 100644 index 7bc4743689..0000000000 --- a/2022/CVE-2022-44262.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832267, - "name": "CVE-2022-44262", - "full_name": "Live-Hack-CVE\/CVE-2022-44262", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44262", - "description": "ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:23Z", - "updated_at": "2022-12-28T01:49:23Z", - "pushed_at": "2022-12-28T01:49:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44277.json b/2022/CVE-2022-44277.json deleted file mode 100644 index 51230a325b..0000000000 --- a/2022/CVE-2022-44277.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818259, - "name": "CVE-2022-44277", - "full_name": "Live-Hack-CVE\/CVE-2022-44277", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44277", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/classes\/Master.php?f=delete_product. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:28:04Z", - "updated_at": "2022-12-28T00:28:04Z", - "pushed_at": "2022-12-28T00:28:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44278.json b/2022/CVE-2022-44278.json deleted file mode 100644 index 78fd1dbea4..0000000000 --- a/2022/CVE-2022-44278.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857263, - "name": "CVE-2022-44278", - "full_name": "Live-Hack-CVE\/CVE-2022-44278", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44278", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/?page=user\/manage_user&id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:13Z", - "updated_at": "2022-12-28T03:59:13Z", - "pushed_at": "2022-12-28T03:59:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44279.json b/2022/CVE-2022-44279.json deleted file mode 100644 index cdac67107e..0000000000 --- a/2022/CVE-2022-44279.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833918, - "name": "CVE-2022-44279", - "full_name": "Live-Hack-CVE\/CVE-2022-44279", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44279", - "description": "Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via \/garage\/php_action\/createBrand.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:00Z", - "updated_at": "2022-12-28T01:58:00Z", - "pushed_at": "2022-12-28T01:58:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44280.json b/2022/CVE-2022-44280.json deleted file mode 100644 index 0ac90eaf13..0000000000 --- a/2022/CVE-2022-44280.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857250, - "name": "CVE-2022-44280", - "full_name": "Live-Hack-CVE\/CVE-2022-44280", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44280", - "description": "Automotive Shop Management System v1.0 is vulnerable to Delete any file via \/asms\/classes\/Master.php?f=delete_img. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:09Z", - "updated_at": "2022-12-28T03:59:09Z", - "pushed_at": "2022-12-28T03:59:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44283.json b/2022/CVE-2022-44283.json deleted file mode 100644 index a02d32941c..0000000000 --- a/2022/CVE-2022-44283.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833328, - "name": "CVE-2022-44283", - "full_name": "Live-Hack-CVE\/CVE-2022-44283", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44283", - "description": "AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:04Z", - "updated_at": "2022-12-28T01:55:04Z", - "pushed_at": "2022-12-28T01:55:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44284.json b/2022/CVE-2022-44284.json deleted file mode 100644 index d5267ea41b..0000000000 --- a/2022/CVE-2022-44284.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833317, - "name": "CVE-2022-44284", - "full_name": "Live-Hack-CVE\/CVE-2022-44284", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44284", - "description": "Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:00Z", - "updated_at": "2022-12-28T01:55:00Z", - "pushed_at": "2022-12-28T01:55:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44294.json b/2022/CVE-2022-44294.json deleted file mode 100644 index 441918c5fb..0000000000 --- a/2022/CVE-2022-44294.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840630, - "name": "CVE-2022-44294", - "full_name": "Live-Hack-CVE\/CVE-2022-44294", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44294", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/?page=services\/manage_service&id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:37Z", - "updated_at": "2022-12-28T02:32:37Z", - "pushed_at": "2022-12-28T02:32:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44295.json b/2022/CVE-2022-44295.json deleted file mode 100644 index f74c35b0d5..0000000000 --- a/2022/CVE-2022-44295.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840638, - "name": "CVE-2022-44295", - "full_name": "Live-Hack-CVE\/CVE-2022-44295", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44295", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/orders\/assign_team.php?id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:40Z", - "updated_at": "2022-12-28T02:32:40Z", - "pushed_at": "2022-12-28T02:32:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44296.json b/2022/CVE-2022-44296.json deleted file mode 100644 index 5db06dfaeb..0000000000 --- a/2022/CVE-2022-44296.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840648, - "name": "CVE-2022-44296", - "full_name": "Live-Hack-CVE\/CVE-2022-44296", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44296", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/quotes\/manage_remark.php?id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:32:43Z", - "updated_at": "2022-12-28T02:32:43Z", - "pushed_at": "2022-12-28T02:32:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44311.json b/2022/CVE-2022-44311.json new file mode 100644 index 0000000000..fe31ece805 --- /dev/null +++ b/2022/CVE-2022-44311.json @@ -0,0 +1,31 @@ +[ + { + "id": 582969824, + "name": "CVE-2022-44311", + "full_name": "Live-Hack-CVE\/CVE-2022-44311", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44311", + "description": "html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:33:13Z", + "updated_at": "2022-12-28T11:33:13Z", + "pushed_at": "2022-12-28T11:33:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44312.json b/2022/CVE-2022-44312.json new file mode 100644 index 0000000000..e929d0222b --- /dev/null +++ b/2022/CVE-2022-44312.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980461, + "name": "CVE-2022-44312", + "full_name": "Live-Hack-CVE\/CVE-2022-44312", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44312", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:20Z", + "updated_at": "2022-12-28T12:11:20Z", + "pushed_at": "2022-12-28T12:11:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44313.json b/2022/CVE-2022-44313.json new file mode 100644 index 0000000000..e8cd756f42 --- /dev/null +++ b/2022/CVE-2022-44313.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980358, + "name": "CVE-2022-44313", + "full_name": "Live-Hack-CVE\/CVE-2022-44313", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44313", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:10:56Z", + "updated_at": "2022-12-28T12:10:56Z", + "pushed_at": "2022-12-28T12:10:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44314.json b/2022/CVE-2022-44314.json new file mode 100644 index 0000000000..ae4e8fafdd --- /dev/null +++ b/2022/CVE-2022-44314.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980374, + "name": "CVE-2022-44314", + "full_name": "Live-Hack-CVE\/CVE-2022-44314", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44314", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib\/string.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:00Z", + "updated_at": "2022-12-28T12:11:00Z", + "pushed_at": "2022-12-28T12:11:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44315.json b/2022/CVE-2022-44315.json new file mode 100644 index 0000000000..189c35708b --- /dev/null +++ b/2022/CVE-2022-44315.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980393, + "name": "CVE-2022-44315", + "full_name": "Live-Hack-CVE\/CVE-2022-44315", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44315", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:03Z", + "updated_at": "2022-12-28T12:11:03Z", + "pushed_at": "2022-12-28T12:11:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44316.json b/2022/CVE-2022-44316.json new file mode 100644 index 0000000000..892667db15 --- /dev/null +++ b/2022/CVE-2022-44316.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980406, + "name": "CVE-2022-44316", + "full_name": "Live-Hack-CVE\/CVE-2022-44316", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44316", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:07Z", + "updated_at": "2022-12-28T12:11:07Z", + "pushed_at": "2022-12-28T12:11:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44317.json b/2022/CVE-2022-44317.json new file mode 100644 index 0000000000..ed242315c4 --- /dev/null +++ b/2022/CVE-2022-44317.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980419, + "name": "CVE-2022-44317", + "full_name": "Live-Hack-CVE\/CVE-2022-44317", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44317", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib\/stdio.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:10Z", + "updated_at": "2022-12-28T12:11:10Z", + "pushed_at": "2022-12-28T12:11:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44318.json b/2022/CVE-2022-44318.json new file mode 100644 index 0000000000..23ec7b7f19 --- /dev/null +++ b/2022/CVE-2022-44318.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980436, + "name": "CVE-2022-44318", + "full_name": "Live-Hack-CVE\/CVE-2022-44318", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44318", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib\/string.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:14Z", + "updated_at": "2022-12-28T12:11:14Z", + "pushed_at": "2022-12-28T12:11:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44319.json b/2022/CVE-2022-44319.json new file mode 100644 index 0000000000..b6d14e4f71 --- /dev/null +++ b/2022/CVE-2022-44319.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980448, + "name": "CVE-2022-44319", + "full_name": "Live-Hack-CVE\/CVE-2022-44319", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44319", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib\/string.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:17Z", + "updated_at": "2022-12-28T12:11:17Z", + "pushed_at": "2022-12-28T12:11:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44320.json b/2022/CVE-2022-44320.json new file mode 100644 index 0000000000..12a81d1924 --- /dev/null +++ b/2022/CVE-2022-44320.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980339, + "name": "CVE-2022-44320", + "full_name": "Live-Hack-CVE\/CVE-2022-44320", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44320", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:10:53Z", + "updated_at": "2022-12-28T12:10:53Z", + "pushed_at": "2022-12-28T12:10:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44321.json b/2022/CVE-2022-44321.json new file mode 100644 index 0000000000..8e5ba275b0 --- /dev/null +++ b/2022/CVE-2022-44321.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980489, + "name": "CVE-2022-44321", + "full_name": "Live-Hack-CVE\/CVE-2022-44321", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44321", + "description": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:24Z", + "updated_at": "2022-12-28T12:11:24Z", + "pushed_at": "2022-12-28T12:11:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44345.json b/2022/CVE-2022-44345.json deleted file mode 100644 index a04bea78da..0000000000 --- a/2022/CVE-2022-44345.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818500, - "name": "CVE-2022-44345", - "full_name": "Live-Hack-CVE\/CVE-2022-44345", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44345", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/?page=quotes\/view_quote&id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:29:22Z", - "updated_at": "2022-12-28T00:29:22Z", - "pushed_at": "2022-12-28T00:29:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44347.json b/2022/CVE-2022-44347.json deleted file mode 100644 index c5cef34277..0000000000 --- a/2022/CVE-2022-44347.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818510, - "name": "CVE-2022-44347", - "full_name": "Live-Hack-CVE\/CVE-2022-44347", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44347", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/?page=inquiries\/view_inquiry&id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:29:25Z", - "updated_at": "2022-12-28T00:29:25Z", - "pushed_at": "2022-12-28T00:29:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44348.json b/2022/CVE-2022-44348.json deleted file mode 100644 index 02275ae8dd..0000000000 --- a/2022/CVE-2022-44348.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582818523, - "name": "CVE-2022-44348", - "full_name": "Live-Hack-CVE\/CVE-2022-44348", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44348", - "description": "Sanitization Management System v1.0 is vulnerable to SQL Injection via \/php-sms\/admin\/orders\/update_status.php?id=. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:29:28Z", - "updated_at": "2022-12-28T00:29:28Z", - "pushed_at": "2022-12-28T00:29:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44354.json b/2022/CVE-2022-44354.json deleted file mode 100644 index 4ff91f87ec..0000000000 --- a/2022/CVE-2022-44354.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833928, - "name": "CVE-2022-44354", - "full_name": "Live-Hack-CVE\/CVE-2022-44354", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44354", - "description": "SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:04Z", - "updated_at": "2022-12-28T01:58:04Z", - "pushed_at": "2022-12-28T01:58:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44355.json b/2022/CVE-2022-44355.json deleted file mode 100644 index 299600d8d8..0000000000 --- a/2022/CVE-2022-44355.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833906, - "name": "CVE-2022-44355", - "full_name": "Live-Hack-CVE\/CVE-2022-44355", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44355", - "description": "SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via \/network_test.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:57:57Z", - "updated_at": "2022-12-28T01:57:57Z", - "pushed_at": "2022-12-28T01:57:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44356.json b/2022/CVE-2022-44356.json deleted file mode 100644 index 889f45a399..0000000000 --- a/2022/CVE-2022-44356.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832604, - "name": "CVE-2022-44356", - "full_name": "Live-Hack-CVE\/CVE-2022-44356", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44356", - "description": "WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:51:14Z", - "updated_at": "2022-12-28T01:51:14Z", - "pushed_at": "2022-12-28T01:51:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44362.json b/2022/CVE-2022-44362.json deleted file mode 100644 index 446afdc5ea..0000000000 --- a/2022/CVE-2022-44362.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812220, - "name": "CVE-2022-44362", - "full_name": "Live-Hack-CVE\/CVE-2022-44362", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44362", - "description": "Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via \/goform\/AddSysLogRule. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:08Z", - "updated_at": "2022-12-27T23:53:08Z", - "pushed_at": "2022-12-27T23:53:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44363.json b/2022/CVE-2022-44363.json deleted file mode 100644 index 123ede8899..0000000000 --- a/2022/CVE-2022-44363.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812224, - "name": "CVE-2022-44363", - "full_name": "Live-Hack-CVE\/CVE-2022-44363", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44363", - "description": "Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via \/goform\/setSnmpInfo. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:12Z", - "updated_at": "2022-12-27T23:53:12Z", - "pushed_at": "2022-12-27T23:53:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44365.json b/2022/CVE-2022-44365.json deleted file mode 100644 index a80157ce2e..0000000000 --- a/2022/CVE-2022-44365.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812233, - "name": "CVE-2022-44365", - "full_name": "Live-Hack-CVE\/CVE-2022-44365", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44365", - "description": "Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via \/goform\/setSysPwd. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:15Z", - "updated_at": "2022-12-27T23:53:15Z", - "pushed_at": "2022-12-27T23:53:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44366.json b/2022/CVE-2022-44366.json deleted file mode 100644 index b7fe6b7b1a..0000000000 --- a/2022/CVE-2022-44366.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812261, - "name": "CVE-2022-44366", - "full_name": "Live-Hack-CVE\/CVE-2022-44366", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44366", - "description": "Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via \/goform\/setDiagnoseInfo. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:27Z", - "updated_at": "2022-12-27T23:53:27Z", - "pushed_at": "2022-12-27T23:53:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44367.json b/2022/CVE-2022-44367.json deleted file mode 100644 index 9f9d9c2353..0000000000 --- a/2022/CVE-2022-44367.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811377, - "name": "CVE-2022-44367", - "full_name": "Live-Hack-CVE\/CVE-2022-44367", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44367", - "description": "Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via \/goform\/setUplinkInfo. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:13Z", - "updated_at": "2022-12-27T23:48:13Z", - "pushed_at": "2022-12-27T23:48:15Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44384.json b/2022/CVE-2022-44384.json new file mode 100644 index 0000000000..4a699fd202 --- /dev/null +++ b/2022/CVE-2022-44384.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891695, + "name": "CVE-2022-44384", + "full_name": "Live-Hack-CVE\/CVE-2022-44384", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44384", + "description": "An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:40:29Z", + "updated_at": "2022-12-28T06:40:29Z", + "pushed_at": "2022-12-28T06:40:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44387.json b/2022/CVE-2022-44387.json new file mode 100644 index 0000000000..a7081b2ace --- /dev/null +++ b/2022/CVE-2022-44387.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913759, + "name": "CVE-2022-44387", + "full_name": "Live-Hack-CVE\/CVE-2022-44387", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44387", + "description": "EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:16Z", + "updated_at": "2022-12-28T08:08:16Z", + "pushed_at": "2022-12-28T08:08:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44389.json b/2022/CVE-2022-44389.json new file mode 100644 index 0000000000..2b53edcaa1 --- /dev/null +++ b/2022/CVE-2022-44389.json @@ -0,0 +1,31 @@ +[ + { + "id": 582913767, + "name": "CVE-2022-44389", + "full_name": "Live-Hack-CVE\/CVE-2022-44389", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44389", + "description": "EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:08:19Z", + "updated_at": "2022-12-28T08:08:19Z", + "pushed_at": "2022-12-28T08:08:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44390.json b/2022/CVE-2022-44390.json new file mode 100644 index 0000000000..baefa2fec9 --- /dev/null +++ b/2022/CVE-2022-44390.json @@ -0,0 +1,31 @@ +[ + { + "id": 582922726, + "name": "CVE-2022-44390", + "full_name": "Live-Hack-CVE\/CVE-2022-44390", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44390", + "description": "A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:42:42Z", + "updated_at": "2022-12-28T08:42:42Z", + "pushed_at": "2022-12-28T08:42:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44399.json b/2022/CVE-2022-44399.json deleted file mode 100644 index f120aec834..0000000000 --- a/2022/CVE-2022-44399.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833294, - "name": "CVE-2022-44399", - "full_name": "Live-Hack-CVE\/CVE-2022-44399", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44399", - "description": "Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at \/Redcock-Farm\/farm\/category.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:54Z", - "updated_at": "2022-12-28T01:54:54Z", - "pushed_at": "2022-12-28T01:54:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44400.json b/2022/CVE-2022-44400.json deleted file mode 100644 index 41b0caf16a..0000000000 --- a/2022/CVE-2022-44400.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857059, - "name": "CVE-2022-44400", - "full_name": "Live-Hack-CVE\/CVE-2022-44400", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44400", - "description": "Purchase Order Management System v1.0 contains a file upload vulnerability via \/purchase_order\/admin\/?page=system_info. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:58:05Z", - "updated_at": "2022-12-28T03:58:05Z", - "pushed_at": "2022-12-28T03:58:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44401.json b/2022/CVE-2022-44401.json deleted file mode 100644 index 1a7b7c029b..0000000000 --- a/2022/CVE-2022-44401.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857023, - "name": "CVE-2022-44401", - "full_name": "Live-Hack-CVE\/CVE-2022-44401", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44401", - "description": "Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via \/tour\/admin\/file.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:53Z", - "updated_at": "2022-12-28T03:57:53Z", - "pushed_at": "2022-12-28T03:57:57Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44402.json b/2022/CVE-2022-44402.json new file mode 100644 index 0000000000..719230ad1e --- /dev/null +++ b/2022/CVE-2022-44402.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892126, + "name": "CVE-2022-44402", + "full_name": "Live-Hack-CVE\/CVE-2022-44402", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44402", + "description": "Automotive Shop Management System v1.0 is vulnerable to SQL Injection via \/asms\/classes\/Master.php?f=delete_transaction. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:04Z", + "updated_at": "2022-12-28T06:42:04Z", + "pushed_at": "2022-12-28T06:42:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44403.json b/2022/CVE-2022-44403.json new file mode 100644 index 0000000000..c5fc903b64 --- /dev/null +++ b/2022/CVE-2022-44403.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892135, + "name": "CVE-2022-44403", + "full_name": "Live-Hack-CVE\/CVE-2022-44403", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44403", + "description": "Automotive Shop Management System v1.0 is vulnerable to SQL Injection via \/asms\/admin\/?page=user\/manage_user&id=. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:42:08Z", + "updated_at": "2022-12-28T06:42:08Z", + "pushed_at": "2022-12-28T06:42:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44411.json b/2022/CVE-2022-44411.json deleted file mode 100644 index f7bef51abc..0000000000 --- a/2022/CVE-2022-44411.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848499, - "name": "CVE-2022-44411", - "full_name": "Live-Hack-CVE\/CVE-2022-44411", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44411", - "description": "Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:53Z", - "updated_at": "2022-12-28T03:12:53Z", - "pushed_at": "2022-12-28T03:12:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44544.json b/2022/CVE-2022-44544.json new file mode 100644 index 0000000000..f092924755 --- /dev/null +++ b/2022/CVE-2022-44544.json @@ -0,0 +1,31 @@ +[ + { + "id": 582959061, + "name": "CVE-2022-44544", + "full_name": "Live-Hack-CVE\/CVE-2022-44544", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44544", + "description": "Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:53:30Z", + "updated_at": "2022-12-28T10:53:30Z", + "pushed_at": "2022-12-28T10:53:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44546.json b/2022/CVE-2022-44546.json new file mode 100644 index 0000000000..e35b4c581c --- /dev/null +++ b/2022/CVE-2022-44546.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958884, + "name": "CVE-2022-44546", + "full_name": "Live-Hack-CVE\/CVE-2022-44546", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44546", + "description": "The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:46Z", + "updated_at": "2022-12-28T10:52:46Z", + "pushed_at": "2022-12-28T10:52:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44547.json b/2022/CVE-2022-44547.json new file mode 100644 index 0000000000..88103f2f77 --- /dev/null +++ b/2022/CVE-2022-44547.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958901, + "name": "CVE-2022-44547", + "full_name": "Live-Hack-CVE\/CVE-2022-44547", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44547", + "description": "The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:50Z", + "updated_at": "2022-12-28T10:52:50Z", + "pushed_at": "2022-12-28T10:52:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44548.json b/2022/CVE-2022-44548.json new file mode 100644 index 0000000000..84fa03b197 --- /dev/null +++ b/2022/CVE-2022-44548.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958812, + "name": "CVE-2022-44548", + "full_name": "Live-Hack-CVE\/CVE-2022-44548", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44548", + "description": "There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:31Z", + "updated_at": "2022-12-28T10:52:49Z", + "pushed_at": "2022-12-28T10:52:33Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44550.json b/2022/CVE-2022-44550.json new file mode 100644 index 0000000000..dc3dd49ec7 --- /dev/null +++ b/2022/CVE-2022-44550.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957521, + "name": "CVE-2022-44550", + "full_name": "Live-Hack-CVE\/CVE-2022-44550", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44550", + "description": "The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:49Z", + "updated_at": "2022-12-28T10:47:49Z", + "pushed_at": "2022-12-28T10:47:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44551.json b/2022/CVE-2022-44551.json new file mode 100644 index 0000000000..16c3614c48 --- /dev/null +++ b/2022/CVE-2022-44551.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946233, + "name": "CVE-2022-44551", + "full_name": "Live-Hack-CVE\/CVE-2022-44551", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44551", + "description": "The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:15Z", + "updated_at": "2022-12-28T10:07:15Z", + "pushed_at": "2022-12-28T10:07:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44552.json b/2022/CVE-2022-44552.json new file mode 100644 index 0000000000..f881e37576 --- /dev/null +++ b/2022/CVE-2022-44552.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946217, + "name": "CVE-2022-44552", + "full_name": "Live-Hack-CVE\/CVE-2022-44552", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44552", + "description": "The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:11Z", + "updated_at": "2022-12-28T10:07:11Z", + "pushed_at": "2022-12-28T10:07:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44553.json b/2022/CVE-2022-44553.json new file mode 100644 index 0000000000..1e109d7464 --- /dev/null +++ b/2022/CVE-2022-44553.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946287, + "name": "CVE-2022-44553", + "full_name": "Live-Hack-CVE\/CVE-2022-44553", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44553", + "description": "The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:26Z", + "updated_at": "2022-12-28T10:07:26Z", + "pushed_at": "2022-12-28T10:07:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44554.json b/2022/CVE-2022-44554.json new file mode 100644 index 0000000000..77107e5aab --- /dev/null +++ b/2022/CVE-2022-44554.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946304, + "name": "CVE-2022-44554", + "full_name": "Live-Hack-CVE\/CVE-2022-44554", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44554", + "description": "The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:30Z", + "updated_at": "2022-12-28T10:07:30Z", + "pushed_at": "2022-12-28T10:07:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44555.json b/2022/CVE-2022-44555.json new file mode 100644 index 0000000000..2098225d9c --- /dev/null +++ b/2022/CVE-2022-44555.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946321, + "name": "CVE-2022-44555", + "full_name": "Live-Hack-CVE\/CVE-2022-44555", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44555", + "description": "The DDMP\/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:33Z", + "updated_at": "2022-12-28T10:07:33Z", + "pushed_at": "2022-12-28T10:07:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44557.json b/2022/CVE-2022-44557.json new file mode 100644 index 0000000000..287598ead0 --- /dev/null +++ b/2022/CVE-2022-44557.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946339, + "name": "CVE-2022-44557", + "full_name": "Live-Hack-CVE\/CVE-2022-44557", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44557", + "description": "The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:37Z", + "updated_at": "2022-12-28T10:07:37Z", + "pushed_at": "2022-12-28T10:07:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44558.json b/2022/CVE-2022-44558.json new file mode 100644 index 0000000000..29c87a0311 --- /dev/null +++ b/2022/CVE-2022-44558.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946389, + "name": "CVE-2022-44558", + "full_name": "Live-Hack-CVE\/CVE-2022-44558", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44558", + "description": "The AMS module has a vulnerability of serialization\/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:44Z", + "updated_at": "2022-12-28T10:07:44Z", + "pushed_at": "2022-12-28T10:07:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44559.json b/2022/CVE-2022-44559.json new file mode 100644 index 0000000000..22065dbe34 --- /dev/null +++ b/2022/CVE-2022-44559.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946361, + "name": "CVE-2022-44559", + "full_name": "Live-Hack-CVE\/CVE-2022-44559", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44559", + "description": "The AMS module has a vulnerability of serialization\/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:41Z", + "updated_at": "2022-12-28T10:07:41Z", + "pushed_at": "2022-12-28T10:07:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44560.json b/2022/CVE-2022-44560.json new file mode 100644 index 0000000000..3cbfe58f8c --- /dev/null +++ b/2022/CVE-2022-44560.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912478, + "name": "CVE-2022-44560", + "full_name": "Live-Hack-CVE\/CVE-2022-44560", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44560", + "description": "The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:03:35Z", + "updated_at": "2022-12-28T08:03:35Z", + "pushed_at": "2022-12-28T08:03:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44561.json b/2022/CVE-2022-44561.json new file mode 100644 index 0000000000..e3454dcd0f --- /dev/null +++ b/2022/CVE-2022-44561.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902276, + "name": "CVE-2022-44561", + "full_name": "Live-Hack-CVE\/CVE-2022-44561", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44561", + "description": "The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:23:10Z", + "updated_at": "2022-12-28T07:23:10Z", + "pushed_at": "2022-12-28T07:23:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44562.json b/2022/CVE-2022-44562.json new file mode 100644 index 0000000000..db1b01599a --- /dev/null +++ b/2022/CVE-2022-44562.json @@ -0,0 +1,31 @@ +[ + { + "id": 582957536, + "name": "CVE-2022-44562", + "full_name": "Live-Hack-CVE\/CVE-2022-44562", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44562", + "description": "The system framework layer has a vulnerability of serialization\/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:47:53Z", + "updated_at": "2022-12-28T10:47:53Z", + "pushed_at": "2022-12-28T10:47:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44563.json b/2022/CVE-2022-44563.json new file mode 100644 index 0000000000..630fc03e79 --- /dev/null +++ b/2022/CVE-2022-44563.json @@ -0,0 +1,31 @@ +[ + { + "id": 582958742, + "name": "CVE-2022-44563", + "full_name": "Live-Hack-CVE\/CVE-2022-44563", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44563", + "description": "There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:52:13Z", + "updated_at": "2022-12-28T10:52:13Z", + "pushed_at": "2022-12-28T10:52:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44590.json b/2022/CVE-2022-44590.json new file mode 100644 index 0000000000..aa58176890 --- /dev/null +++ b/2022/CVE-2022-44590.json @@ -0,0 +1,31 @@ +[ + { + "id": 582949134, + "name": "CVE-2022-44590", + "full_name": "Live-Hack-CVE\/CVE-2022-44590", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44590", + "description": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:17:08Z", + "updated_at": "2022-12-28T10:17:08Z", + "pushed_at": "2022-12-28T10:17:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44591.json b/2022/CVE-2022-44591.json new file mode 100644 index 0000000000..0c123d5f5f --- /dev/null +++ b/2022/CVE-2022-44591.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891567, + "name": "CVE-2022-44591", + "full_name": "Live-Hack-CVE\/CVE-2022-44591", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44591", + "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:58Z", + "updated_at": "2022-12-28T06:39:58Z", + "pushed_at": "2022-12-28T06:40:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44634.json b/2022/CVE-2022-44634.json deleted file mode 100644 index a474dcb6e8..0000000000 --- a/2022/CVE-2022-44634.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872258, - "name": "CVE-2022-44634", - "full_name": "Live-Hack-CVE\/CVE-2022-44634", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44634", - "description": "Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:47Z", - "updated_at": "2022-12-28T05:16:47Z", - "pushed_at": "2022-12-28T05:16:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44635.json b/2022/CVE-2022-44635.json deleted file mode 100644 index 00203c0429..0000000000 --- a/2022/CVE-2022-44635.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833532, - "name": "CVE-2022-44635", - "full_name": "Live-Hack-CVE\/CVE-2022-44635", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44635", - "description": "Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:09Z", - "updated_at": "2022-12-28T01:56:09Z", - "pushed_at": "2022-12-28T01:56:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44641.json b/2022/CVE-2022-44641.json deleted file mode 100644 index 5b23622d39..0000000000 --- a/2022/CVE-2022-44641.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872363, - "name": "CVE-2022-44641", - "full_name": "Live-Hack-CVE\/CVE-2022-44641", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44641", - "description": "In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:17:18Z", - "updated_at": "2022-12-28T05:17:18Z", - "pushed_at": "2022-12-28T05:17:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44725.json b/2022/CVE-2022-44725.json deleted file mode 100644 index 50472b002c..0000000000 --- a/2022/CVE-2022-44725.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872663, - "name": "CVE-2022-44725", - "full_name": "Live-Hack-CVE\/CVE-2022-44725", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44725", - "description": "OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:18:40Z", - "updated_at": "2022-12-28T05:18:40Z", - "pushed_at": "2022-12-28T05:18:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44727.json b/2022/CVE-2022-44727.json new file mode 100644 index 0000000000..8bbc95a428 --- /dev/null +++ b/2022/CVE-2022-44727.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936428, + "name": "CVE-2022-44727", + "full_name": "Live-Hack-CVE\/CVE-2022-44727", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44727", + "description": "The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:21Z", + "updated_at": "2022-12-28T09:32:21Z", + "pushed_at": "2022-12-28T09:32:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44732.json b/2022/CVE-2022-44732.json new file mode 100644 index 0000000000..b4e5e20d12 --- /dev/null +++ b/2022/CVE-2022-44732.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982204, + "name": "CVE-2022-44732", + "full_name": "Live-Hack-CVE\/CVE-2022-44732", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44732", + "description": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:17:19Z", + "updated_at": "2022-12-28T12:17:19Z", + "pushed_at": "2022-12-28T12:17:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44733.json b/2022/CVE-2022-44733.json new file mode 100644 index 0000000000..0ec76fee12 --- /dev/null +++ b/2022/CVE-2022-44733.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981110, + "name": "CVE-2022-44733", + "full_name": "Live-Hack-CVE\/CVE-2022-44733", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44733", + "description": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:29Z", + "updated_at": "2022-12-28T12:13:29Z", + "pushed_at": "2022-12-28T12:13:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44736.json b/2022/CVE-2022-44736.json new file mode 100644 index 0000000000..9911dfabe0 --- /dev/null +++ b/2022/CVE-2022-44736.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891533, + "name": "CVE-2022-44736", + "full_name": "Live-Hack-CVE\/CVE-2022-44736", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44736", + "description": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:51Z", + "updated_at": "2022-12-28T06:39:51Z", + "pushed_at": "2022-12-28T06:39:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44737.json b/2022/CVE-2022-44737.json deleted file mode 100644 index 5ca1a4ff64..0000000000 --- a/2022/CVE-2022-44737.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857414, - "name": "CVE-2022-44737", - "full_name": "Live-Hack-CVE\/CVE-2022-44737", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44737", - "description": "Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:00:01Z", - "updated_at": "2022-12-28T04:00:01Z", - "pushed_at": "2022-12-28T04:00:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44740.json b/2022/CVE-2022-44740.json deleted file mode 100644 index c6fc63c5bf..0000000000 --- a/2022/CVE-2022-44740.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865221, - "name": "CVE-2022-44740", - "full_name": "Live-Hack-CVE\/CVE-2022-44740", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44740", - "description": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:41:00Z", - "updated_at": "2022-12-28T04:41:00Z", - "pushed_at": "2022-12-28T04:41:02Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44741.json b/2022/CVE-2022-44741.json new file mode 100644 index 0000000000..ea4552cbf7 --- /dev/null +++ b/2022/CVE-2022-44741.json @@ -0,0 +1,31 @@ +[ + { + "id": 582971019, + "name": "CVE-2022-44741", + "full_name": "Live-Hack-CVE\/CVE-2022-44741", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44741", + "description": "Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T11:37:20Z", + "updated_at": "2022-12-28T11:37:20Z", + "pushed_at": "2022-12-28T11:37:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44744.json b/2022/CVE-2022-44744.json new file mode 100644 index 0000000000..292bf49095 --- /dev/null +++ b/2022/CVE-2022-44744.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981092, + "name": "CVE-2022-44744", + "full_name": "Live-Hack-CVE\/CVE-2022-44744", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44744", + "description": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:26Z", + "updated_at": "2022-12-28T12:13:26Z", + "pushed_at": "2022-12-28T12:13:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44745.json b/2022/CVE-2022-44745.json new file mode 100644 index 0000000000..3df958f3ab --- /dev/null +++ b/2022/CVE-2022-44745.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981072, + "name": "CVE-2022-44745", + "full_name": "Live-Hack-CVE\/CVE-2022-44745", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44745", + "description": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:22Z", + "updated_at": "2022-12-28T12:13:22Z", + "pushed_at": "2022-12-28T12:13:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44746.json b/2022/CVE-2022-44746.json new file mode 100644 index 0000000000..4fe2fa437f --- /dev/null +++ b/2022/CVE-2022-44746.json @@ -0,0 +1,31 @@ +[ + { + "id": 582981030, + "name": "CVE-2022-44746", + "full_name": "Live-Hack-CVE\/CVE-2022-44746", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44746", + "description": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:13:15Z", + "updated_at": "2022-12-28T12:13:15Z", + "pushed_at": "2022-12-28T12:13:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44747.json b/2022/CVE-2022-44747.json new file mode 100644 index 0000000000..598d2322c4 --- /dev/null +++ b/2022/CVE-2022-44747.json @@ -0,0 +1,31 @@ +[ + { + "id": 582980518, + "name": "CVE-2022-44747", + "full_name": "Live-Hack-CVE\/CVE-2022-44747", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44747", + "description": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:11:31Z", + "updated_at": "2022-12-28T12:11:31Z", + "pushed_at": "2022-12-28T12:11:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44748.json b/2022/CVE-2022-44748.json deleted file mode 100644 index 6b1e84b03d..0000000000 --- a/2022/CVE-2022-44748.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841448, - "name": "CVE-2022-44748", - "full_name": "Live-Hack-CVE\/CVE-2022-44748", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44748", - "description": "A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary f CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:34Z", - "updated_at": "2022-12-28T02:36:34Z", - "pushed_at": "2022-12-28T02:36:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44749.json b/2022/CVE-2022-44749.json deleted file mode 100644 index cad1269f81..0000000000 --- a/2022/CVE-2022-44749.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841436, - "name": "CVE-2022-44749", - "full_name": "Live-Hack-CVE\/CVE-2022-44749", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44749", - "description": "A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can over CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:36:30Z", - "updated_at": "2022-12-28T02:36:30Z", - "pushed_at": "2022-12-28T02:36:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44784.json b/2022/CVE-2022-44784.json deleted file mode 100644 index 9373ea90b4..0000000000 --- a/2022/CVE-2022-44784.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864492, - "name": "CVE-2022-44784", - "full_name": "Live-Hack-CVE\/CVE-2022-44784", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44784", - "description": "An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF\/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis A CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:08Z", - "updated_at": "2022-12-28T04:37:08Z", - "pushed_at": "2022-12-28T04:37:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44785.json b/2022/CVE-2022-44785.json deleted file mode 100644 index ab270eee18..0000000000 --- a/2022/CVE-2022-44785.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865501, - "name": "CVE-2022-44785", - "full_name": "Live-Hack-CVE\/CVE-2022-44785", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44785", - "description": "An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:29Z", - "updated_at": "2022-12-28T04:42:29Z", - "pushed_at": "2022-12-28T04:42:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44786.json b/2022/CVE-2022-44786.json deleted file mode 100644 index aa141bc41b..0000000000 --- a/2022/CVE-2022-44786.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865472, - "name": "CVE-2022-44786", - "full_name": "Live-Hack-CVE\/CVE-2022-44786", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44786", - "description": "An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:19Z", - "updated_at": "2022-12-28T04:42:19Z", - "pushed_at": "2022-12-28T04:42:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44787.json b/2022/CVE-2022-44787.json deleted file mode 100644 index c0a08b7cc1..0000000000 --- a/2022/CVE-2022-44787.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865484, - "name": "CVE-2022-44787", - "full_name": "Live-Hack-CVE\/CVE-2022-44787", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44787", - "description": "An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onm CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:22Z", - "updated_at": "2022-12-28T04:42:22Z", - "pushed_at": "2022-12-28T04:42:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44788.json b/2022/CVE-2022-44788.json deleted file mode 100644 index b4b03d1d35..0000000000 --- a/2022/CVE-2022-44788.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865450, - "name": "CVE-2022-44788", - "full_name": "Live-Hack-CVE\/CVE-2022-44788", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44788", - "description": "An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:12Z", - "updated_at": "2022-12-28T04:42:12Z", - "pushed_at": "2022-12-28T04:42:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44792.json b/2022/CVE-2022-44792.json new file mode 100644 index 0000000000..270f8eb3d6 --- /dev/null +++ b/2022/CVE-2022-44792.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982643, + "name": "CVE-2022-44792", + "full_name": "Live-Hack-CVE\/CVE-2022-44792", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44792", + "description": "handle_ipDefaultTTL in agent\/mibgroup\/ip-mib\/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:49Z", + "updated_at": "2022-12-28T12:18:49Z", + "pushed_at": "2022-12-28T12:18:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44793.json b/2022/CVE-2022-44793.json new file mode 100644 index 0000000000..52efc7688d --- /dev/null +++ b/2022/CVE-2022-44793.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982660, + "name": "CVE-2022-44793", + "full_name": "Live-Hack-CVE\/CVE-2022-44793", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44793", + "description": "handle_ipv6IpForwarding in agent\/mibgroup\/ip-mib\/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:53Z", + "updated_at": "2022-12-28T12:18:53Z", + "pushed_at": "2022-12-28T12:18:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44794.json b/2022/CVE-2022-44794.json new file mode 100644 index 0000000000..0d14de61a6 --- /dev/null +++ b/2022/CVE-2022-44794.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982674, + "name": "CVE-2022-44794", + "full_name": "Live-Hack-CVE\/CVE-2022-44794", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44794", + "description": "An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:18:56Z", + "updated_at": "2022-12-28T12:18:56Z", + "pushed_at": "2022-12-28T12:18:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44795.json b/2022/CVE-2022-44795.json new file mode 100644 index 0000000000..97d22437a7 --- /dev/null +++ b/2022/CVE-2022-44795.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982702, + "name": "CVE-2022-44795", + "full_name": "Live-Hack-CVE\/CVE-2022-44795", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44795", + "description": "An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:00Z", + "updated_at": "2022-12-28T12:19:00Z", + "pushed_at": "2022-12-28T12:19:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44796.json b/2022/CVE-2022-44796.json new file mode 100644 index 0000000000..fec40cea62 --- /dev/null +++ b/2022/CVE-2022-44796.json @@ -0,0 +1,31 @@ +[ + { + "id": 582982724, + "name": "CVE-2022-44796", + "full_name": "Live-Hack-CVE\/CVE-2022-44796", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44796", + "description": "An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T12:19:04Z", + "updated_at": "2022-12-28T12:19:04Z", + "pushed_at": "2022-12-28T12:19:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44797.json b/2022/CVE-2022-44797.json new file mode 100644 index 0000000000..d9501c60c4 --- /dev/null +++ b/2022/CVE-2022-44797.json @@ -0,0 +1,31 @@ +[ + { + "id": 582946454, + "name": "CVE-2022-44797", + "full_name": "Live-Hack-CVE\/CVE-2022-44797", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44797", + "description": "btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T10:07:59Z", + "updated_at": "2022-12-28T10:07:59Z", + "pushed_at": "2022-12-28T10:08:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-44801.json b/2022/CVE-2022-44801.json deleted file mode 100644 index e37b2a07b9..0000000000 --- a/2022/CVE-2022-44801.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864518, - "name": "CVE-2022-44801", - "full_name": "Live-Hack-CVE\/CVE-2022-44801", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44801", - "description": "D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:15Z", - "updated_at": "2022-12-28T04:37:15Z", - "pushed_at": "2022-12-28T04:37:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44804.json b/2022/CVE-2022-44804.json deleted file mode 100644 index 52ff0421be..0000000000 --- a/2022/CVE-2022-44804.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864526, - "name": "CVE-2022-44804", - "full_name": "Live-Hack-CVE\/CVE-2022-44804", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44804", - "description": "D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:18Z", - "updated_at": "2022-12-28T04:37:18Z", - "pushed_at": "2022-12-28T04:37:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44806.json b/2022/CVE-2022-44806.json deleted file mode 100644 index 73ab726c2d..0000000000 --- a/2022/CVE-2022-44806.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864537, - "name": "CVE-2022-44806", - "full_name": "Live-Hack-CVE\/CVE-2022-44806", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44806", - "description": "D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:22Z", - "updated_at": "2022-12-28T04:37:22Z", - "pushed_at": "2022-12-28T04:37:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44807.json b/2022/CVE-2022-44807.json deleted file mode 100644 index e7bcdbc01e..0000000000 --- a/2022/CVE-2022-44807.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864546, - "name": "CVE-2022-44807", - "full_name": "Live-Hack-CVE\/CVE-2022-44807", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44807", - "description": "D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:25Z", - "updated_at": "2022-12-28T04:37:25Z", - "pushed_at": "2022-12-28T04:37:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44808.json b/2022/CVE-2022-44808.json deleted file mode 100644 index a9fba879fb..0000000000 --- a/2022/CVE-2022-44808.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582864572, - "name": "CVE-2022-44808", - "full_name": "Live-Hack-CVE\/CVE-2022-44808", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44808", - "description": "A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed \/HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:37:32Z", - "updated_at": "2022-12-28T04:37:32Z", - "pushed_at": "2022-12-28T04:37:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44830.json b/2022/CVE-2022-44830.json deleted file mode 100644 index 128fc8fa34..0000000000 --- a/2022/CVE-2022-44830.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865788, - "name": "CVE-2022-44830", - "full_name": "Live-Hack-CVE\/CVE-2022-44830", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44830", - "description": "Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:54Z", - "updated_at": "2022-12-28T04:43:54Z", - "pushed_at": "2022-12-28T04:43:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44843.json b/2022/CVE-2022-44843.json deleted file mode 100644 index cfa74ebbed..0000000000 --- a/2022/CVE-2022-44843.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840007, - "name": "CVE-2022-44843", - "full_name": "Live-Hack-CVE\/CVE-2022-44843", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44843", - "description": "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting\/setOpenVpnClientCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:38Z", - "updated_at": "2022-12-28T02:29:38Z", - "pushed_at": "2022-12-28T02:29:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44844.json b/2022/CVE-2022-44844.json deleted file mode 100644 index f5121906a3..0000000000 --- a/2022/CVE-2022-44844.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839998, - "name": "CVE-2022-44844", - "full_name": "Live-Hack-CVE\/CVE-2022-44844", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44844", - "description": "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting\/setOpenVpnCfg function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:35Z", - "updated_at": "2022-12-28T02:29:35Z", - "pushed_at": "2022-12-28T02:29:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44858.json b/2022/CVE-2022-44858.json deleted file mode 100644 index c59c2c9141..0000000000 --- a/2022/CVE-2022-44858.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856696, - "name": "CVE-2022-44858", - "full_name": "Live-Hack-CVE\/CVE-2022-44858", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44858", - "description": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/asms\/products\/view_product.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:14Z", - "updated_at": "2022-12-28T03:56:14Z", - "pushed_at": "2022-12-28T03:56:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44859.json b/2022/CVE-2022-44859.json deleted file mode 100644 index a09affbe4e..0000000000 --- a/2022/CVE-2022-44859.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856720, - "name": "CVE-2022-44859", - "full_name": "Live-Hack-CVE\/CVE-2022-44859", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44859", - "description": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/asms\/admin\/products\/manage_product.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:20Z", - "updated_at": "2022-12-28T03:56:20Z", - "pushed_at": "2022-12-28T03:56:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44860.json b/2022/CVE-2022-44860.json deleted file mode 100644 index 9f50a60b74..0000000000 --- a/2022/CVE-2022-44860.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856710, - "name": "CVE-2022-44860", - "full_name": "Live-Hack-CVE\/CVE-2022-44860", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44860", - "description": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/admin\/transactions\/update_status.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:17Z", - "updated_at": "2022-12-28T03:56:17Z", - "pushed_at": "2022-12-28T03:56:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44870.json b/2022/CVE-2022-44870.json deleted file mode 100644 index 9771a4c1f8..0000000000 --- a/2022/CVE-2022-44870.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 580610277, - "name": "CVE-2022-44870", - "full_name": "Cedric1314\/CVE-2022-44870", - "owner": { - "login": "Cedric1314", - "id": 42855430, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42855430?v=4", - "html_url": "https:\/\/github.com\/Cedric1314" - }, - "html_url": "https:\/\/github.com\/Cedric1314\/CVE-2022-44870", - "description": "maccms admin+ xss attacks ", - "fork": false, - "created_at": "2022-12-21T01:40:11Z", - "updated_at": "2022-12-28T01:00:12Z", - "pushed_at": "2022-12-28T00:55:31Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44928.json b/2022/CVE-2022-44928.json deleted file mode 100644 index 7572be0468..0000000000 --- a/2022/CVE-2022-44928.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811894, - "name": "CVE-2022-44928", - "full_name": "Live-Hack-CVE\/CVE-2022-44928", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44928", - "description": "D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:22Z", - "updated_at": "2022-12-27T23:51:22Z", - "pushed_at": "2022-12-27T23:51:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44929.json b/2022/CVE-2022-44929.json deleted file mode 100644 index 857d582441..0000000000 --- a/2022/CVE-2022-44929.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811885, - "name": "CVE-2022-44929", - "full_name": "Live-Hack-CVE\/CVE-2022-44929", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44929", - "description": "An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:19Z", - "updated_at": "2022-12-27T23:51:19Z", - "pushed_at": "2022-12-27T23:51:21Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44930.json b/2022/CVE-2022-44930.json deleted file mode 100644 index aeefdf8b9b..0000000000 --- a/2022/CVE-2022-44930.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811927, - "name": "CVE-2022-44930", - "full_name": "Live-Hack-CVE\/CVE-2022-44930", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44930", - "description": "D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:30Z", - "updated_at": "2022-12-27T23:51:30Z", - "pushed_at": "2022-12-27T23:51:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44937.json b/2022/CVE-2022-44937.json deleted file mode 100644 index 150762c95f..0000000000 --- a/2022/CVE-2022-44937.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833167, - "name": "CVE-2022-44937", - "full_name": "Live-Hack-CVE\/CVE-2022-44937", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44937", - "description": "Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:22Z", - "updated_at": "2022-12-28T01:54:22Z", - "pushed_at": "2022-12-28T01:54:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44944.json b/2022/CVE-2022-44944.json deleted file mode 100644 index e651a90e68..0000000000 --- a/2022/CVE-2022-44944.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811785, - "name": "CVE-2022-44944", - "full_name": "Live-Hack-CVE\/CVE-2022-44944", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44944", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at \/index.php?module=help_pages\/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:47Z", - "updated_at": "2022-12-27T23:50:47Z", - "pushed_at": "2022-12-27T23:50:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44946.json b/2022/CVE-2022-44946.json deleted file mode 100644 index 5eb77fcfa5..0000000000 --- a/2022/CVE-2022-44946.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811793, - "name": "CVE-2022-44946", - "full_name": "Live-Hack-CVE\/CVE-2022-44946", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44946", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at \/index.php?module=help_pages\/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:51Z", - "updated_at": "2022-12-27T23:50:51Z", - "pushed_at": "2022-12-27T23:50:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44947.json b/2022/CVE-2022-44947.json deleted file mode 100644 index 6bcffee015..0000000000 --- a/2022/CVE-2022-44947.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811803, - "name": "CVE-2022-44947", - "full_name": "Live-Hack-CVE\/CVE-2022-44947", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44947", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at \/index.php?module=entities\/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after cl CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:54Z", - "updated_at": "2022-12-27T23:50:54Z", - "pushed_at": "2022-12-27T23:50:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44948.json b/2022/CVE-2022-44948.json deleted file mode 100644 index c412cbaa55..0000000000 --- a/2022/CVE-2022-44948.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811283, - "name": "CVE-2022-44948", - "full_name": "Live-Hack-CVE\/CVE-2022-44948", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44948", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at\/index.php?module=entities\/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking \"Add\". CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:45Z", - "updated_at": "2022-12-27T23:47:45Z", - "pushed_at": "2022-12-27T23:47:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44949.json b/2022/CVE-2022-44949.json deleted file mode 100644 index a6ecae72ef..0000000000 --- a/2022/CVE-2022-44949.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811249, - "name": "CVE-2022-44949", - "full_name": "Live-Hack-CVE\/CVE-2022-44949", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44949", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at \/index.php?module=entities\/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:31Z", - "updated_at": "2022-12-27T23:47:31Z", - "pushed_at": "2022-12-27T23:47:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44950.json b/2022/CVE-2022-44950.json deleted file mode 100644 index dd9f9098f9..0000000000 --- a/2022/CVE-2022-44950.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811257, - "name": "CVE-2022-44950", - "full_name": "Live-Hack-CVE\/CVE-2022-44950", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44950", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at \/index.php?module=entities\/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:34Z", - "updated_at": "2022-12-27T23:47:35Z", - "pushed_at": "2022-12-27T23:47:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44951.json b/2022/CVE-2022-44951.json deleted file mode 100644 index ad1484fc57..0000000000 --- a/2022/CVE-2022-44951.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811266, - "name": "CVE-2022-44951", - "full_name": "Live-Hack-CVE\/CVE-2022-44951", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44951", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at \/index.php?module=entities\/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:38Z", - "updated_at": "2022-12-27T23:47:38Z", - "pushed_at": "2022-12-27T23:47:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44952.json b/2022/CVE-2022-44952.json deleted file mode 100644 index c454187e8d..0000000000 --- a/2022/CVE-2022-44952.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811274, - "name": "CVE-2022-44952", - "full_name": "Live-Hack-CVE\/CVE-2022-44952", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44952", - "description": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in \/index.php?module=configuration\/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\". CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:42Z", - "updated_at": "2022-12-27T23:47:42Z", - "pushed_at": "2022-12-27T23:47:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44961.json b/2022/CVE-2022-44961.json deleted file mode 100644 index b433968ffe..0000000000 --- a/2022/CVE-2022-44961.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811148, - "name": "CVE-2022-44961", - "full_name": "Live-Hack-CVE\/CVE-2022-44961", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44961", - "description": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component \/forums\/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:46:51Z", - "updated_at": "2022-12-27T23:46:51Z", - "pushed_at": "2022-12-27T23:46:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-44962.json b/2022/CVE-2022-44962.json deleted file mode 100644 index 3e18c43caa..0000000000 --- a/2022/CVE-2022-44962.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811240, - "name": "CVE-2022-44962", - "full_name": "Live-Hack-CVE\/CVE-2022-44962", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-44962", - "description": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component \/calendar\/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:27Z", - "updated_at": "2022-12-27T23:47:27Z", - "pushed_at": "2022-12-27T23:47:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45012.json b/2022/CVE-2022-45012.json deleted file mode 100644 index 744aa7bb39..0000000000 --- a/2022/CVE-2022-45012.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874166, - "name": "CVE-2022-45012", - "full_name": "Live-Hack-CVE\/CVE-2022-45012", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45012", - "description": "A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:00Z", - "updated_at": "2022-12-28T05:25:00Z", - "pushed_at": "2022-12-28T05:25:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45013.json b/2022/CVE-2022-45013.json deleted file mode 100644 index 9ace98bd3f..0000000000 --- a/2022/CVE-2022-45013.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874179, - "name": "CVE-2022-45013", - "full_name": "Live-Hack-CVE\/CVE-2022-45013", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45013", - "description": "A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:04Z", - "updated_at": "2022-12-28T05:25:04Z", - "pushed_at": "2022-12-28T05:25:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45014.json b/2022/CVE-2022-45014.json deleted file mode 100644 index 757e2b3267..0000000000 --- a/2022/CVE-2022-45014.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874194, - "name": "CVE-2022-45014", - "full_name": "Live-Hack-CVE\/CVE-2022-45014", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45014", - "description": "A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:07Z", - "updated_at": "2022-12-28T05:25:07Z", - "pushed_at": "2022-12-28T05:25:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45015.json b/2022/CVE-2022-45015.json deleted file mode 100644 index 66f8c5e6ef..0000000000 --- a/2022/CVE-2022-45015.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874204, - "name": "CVE-2022-45015", - "full_name": "Live-Hack-CVE\/CVE-2022-45015", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45015", - "description": "A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:11Z", - "updated_at": "2022-12-28T05:25:11Z", - "pushed_at": "2022-12-28T05:25:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45016.json b/2022/CVE-2022-45016.json deleted file mode 100644 index adc6962e92..0000000000 --- a/2022/CVE-2022-45016.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874216, - "name": "CVE-2022-45016", - "full_name": "Live-Hack-CVE\/CVE-2022-45016", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45016", - "description": "A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:14Z", - "updated_at": "2022-12-28T05:25:14Z", - "pushed_at": "2022-12-28T05:25:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45017.json b/2022/CVE-2022-45017.json deleted file mode 100644 index 9a02cc800f..0000000000 --- a/2022/CVE-2022-45017.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582874233, - "name": "CVE-2022-45017", - "full_name": "Live-Hack-CVE\/CVE-2022-45017", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45017", - "description": "A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:25:17Z", - "updated_at": "2022-12-28T05:25:17Z", - "pushed_at": "2022-12-28T05:25:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45036.json b/2022/CVE-2022-45036.json deleted file mode 100644 index cdeb6da603..0000000000 --- a/2022/CVE-2022-45036.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856252, - "name": "CVE-2022-45036", - "full_name": "Live-Hack-CVE\/CVE-2022-45036", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45036", - "description": "A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:37Z", - "updated_at": "2022-12-28T03:53:37Z", - "pushed_at": "2022-12-28T03:53:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45037.json b/2022/CVE-2022-45037.json deleted file mode 100644 index 402ad98693..0000000000 --- a/2022/CVE-2022-45037.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856256, - "name": "CVE-2022-45037", - "full_name": "Live-Hack-CVE\/CVE-2022-45037", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45037", - "description": "A cross-site scripting (XSS) vulnerability in \/admin\/users\/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:40Z", - "updated_at": "2022-12-28T03:53:40Z", - "pushed_at": "2022-12-28T03:53:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45038.json b/2022/CVE-2022-45038.json deleted file mode 100644 index 3ed58ef69f..0000000000 --- a/2022/CVE-2022-45038.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856266, - "name": "CVE-2022-45038", - "full_name": "Live-Hack-CVE\/CVE-2022-45038", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45038", - "description": "A cross-site scripting (XSS) vulnerability in \/admin\/settings\/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:44Z", - "updated_at": "2022-12-28T03:53:44Z", - "pushed_at": "2022-12-28T03:53:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45039.json b/2022/CVE-2022-45039.json deleted file mode 100644 index b19d6f3149..0000000000 --- a/2022/CVE-2022-45039.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856276, - "name": "CVE-2022-45039", - "full_name": "Live-Hack-CVE\/CVE-2022-45039", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45039", - "description": "An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:47Z", - "updated_at": "2022-12-28T03:53:47Z", - "pushed_at": "2022-12-28T03:53:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45040.json b/2022/CVE-2022-45040.json deleted file mode 100644 index 2f1139dd8f..0000000000 --- a/2022/CVE-2022-45040.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856282, - "name": "CVE-2022-45040", - "full_name": "Live-Hack-CVE\/CVE-2022-45040", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45040", - "description": "A cross-site scripting (XSS) vulnerability in \/admin\/pages\/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:53:50Z", - "updated_at": "2022-12-28T03:53:50Z", - "pushed_at": "2022-12-28T03:53:52Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45047.json b/2022/CVE-2022-45047.json new file mode 100644 index 0000000000..8bd92dc458 --- /dev/null +++ b/2022/CVE-2022-45047.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892426, + "name": "CVE-2022-45047", + "full_name": "Live-Hack-CVE\/CVE-2022-45047", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45047", + "description": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:43:17Z", + "updated_at": "2022-12-28T06:43:17Z", + "pushed_at": "2022-12-28T06:43:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45050.json b/2022/CVE-2022-45050.json deleted file mode 100644 index ab8c66fd7e..0000000000 --- a/2022/CVE-2022-45050.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832049, - "name": "CVE-2022-45050", - "full_name": "Live-Hack-CVE\/CVE-2022-45050", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45050", - "description": "A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:11Z", - "updated_at": "2022-12-28T01:48:11Z", - "pushed_at": "2022-12-28T01:48:13Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45059.json b/2022/CVE-2022-45059.json deleted file mode 100644 index 879c04d59d..0000000000 --- a/2022/CVE-2022-45059.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824757, - "name": "CVE-2022-45059", - "full_name": "Live-Hack-CVE\/CVE-2022-45059", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45059", - "description": "An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:28Z", - "updated_at": "2022-12-28T01:06:28Z", - "pushed_at": "2022-12-28T01:06:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45060.json b/2022/CVE-2022-45060.json deleted file mode 100644 index 54ea98cf0c..0000000000 --- a/2022/CVE-2022-45060.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824763, - "name": "CVE-2022-45060", - "full_name": "Live-Hack-CVE\/CVE-2022-45060", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45060", - "description": "An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP\/2 pseudo-headers that are invalid in the context of an HTTP\/1 request line, causing the Varnish server to produce invalid HTTP\/1 requests t CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:32Z", - "updated_at": "2022-12-28T01:06:32Z", - "pushed_at": "2022-12-28T01:06:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45063.json b/2022/CVE-2022-45063.json deleted file mode 100644 index 76248eafc1..0000000000 --- a/2022/CVE-2022-45063.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582824796, - "name": "CVE-2022-45063", - "full_name": "Live-Hack-CVE\/CVE-2022-45063", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45063", - "description": "xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:06:42Z", - "updated_at": "2022-12-28T01:06:42Z", - "pushed_at": "2022-12-28T01:06:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45066.json b/2022/CVE-2022-45066.json new file mode 100644 index 0000000000..aa7dab2a3f --- /dev/null +++ b/2022/CVE-2022-45066.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891520, + "name": "CVE-2022-45066", + "full_name": "Live-Hack-CVE\/CVE-2022-45066", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45066", + "description": "Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:48Z", + "updated_at": "2022-12-28T06:39:48Z", + "pushed_at": "2022-12-28T06:39:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45069.json b/2022/CVE-2022-45069.json new file mode 100644 index 0000000000..4cbdfe2ebc --- /dev/null +++ b/2022/CVE-2022-45069.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891551, + "name": "CVE-2022-45069", + "full_name": "Live-Hack-CVE\/CVE-2022-45069", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45069", + "description": "Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:54Z", + "updated_at": "2022-12-28T06:39:54Z", + "pushed_at": "2022-12-28T06:39:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45071.json b/2022/CVE-2022-45071.json deleted file mode 100644 index 6b7450e61c..0000000000 --- a/2022/CVE-2022-45071.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872961, - "name": "CVE-2022-45071", - "full_name": "Live-Hack-CVE\/CVE-2022-45071", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45071", - "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:53Z", - "updated_at": "2022-12-28T05:19:53Z", - "pushed_at": "2022-12-28T05:19:55Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45072.json b/2022/CVE-2022-45072.json deleted file mode 100644 index 5d086f97a1..0000000000 --- a/2022/CVE-2022-45072.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872978, - "name": "CVE-2022-45072", - "full_name": "Live-Hack-CVE\/CVE-2022-45072", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45072", - "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:19:57Z", - "updated_at": "2022-12-28T05:19:57Z", - "pushed_at": "2022-12-28T05:19:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45073.json b/2022/CVE-2022-45073.json deleted file mode 100644 index ac8d739383..0000000000 --- a/2022/CVE-2022-45073.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582872234, - "name": "CVE-2022-45073", - "full_name": "Live-Hack-CVE\/CVE-2022-45073", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45073", - "description": "Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:16:41Z", - "updated_at": "2022-12-28T05:16:41Z", - "pushed_at": "2022-12-28T05:16:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45077.json b/2022/CVE-2022-45077.json new file mode 100644 index 0000000000..d019a238c1 --- /dev/null +++ b/2022/CVE-2022-45077.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891485, + "name": "CVE-2022-45077", + "full_name": "Live-Hack-CVE\/CVE-2022-45077", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45077", + "description": "Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:40Z", + "updated_at": "2022-12-28T06:39:40Z", + "pushed_at": "2022-12-28T06:39:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45082.json b/2022/CVE-2022-45082.json deleted file mode 100644 index 3f8d71498e..0000000000 --- a/2022/CVE-2022-45082.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871975, - "name": "CVE-2022-45082", - "full_name": "Live-Hack-CVE\/CVE-2022-45082", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45082", - "description": "Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:30Z", - "updated_at": "2022-12-28T05:15:30Z", - "pushed_at": "2022-12-28T05:15:32Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45129.json b/2022/CVE-2022-45129.json new file mode 100644 index 0000000000..6d2be8f581 --- /dev/null +++ b/2022/CVE-2022-45129.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936384, + "name": "CVE-2022-45129", + "full_name": "Live-Hack-CVE\/CVE-2022-45129", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45129", + "description": "Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:32:09Z", + "updated_at": "2022-12-28T09:32:09Z", + "pushed_at": "2022-12-28T09:32:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45130.json b/2022/CVE-2022-45130.json new file mode 100644 index 0000000000..917ccb2343 --- /dev/null +++ b/2022/CVE-2022-45130.json @@ -0,0 +1,31 @@ +[ + { + "id": 582936673, + "name": "CVE-2022-45130", + "full_name": "Live-Hack-CVE\/CVE-2022-45130", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45130", + "description": "Plesk Obsidian allows a CSRF attack, e.g., via the \/api\/v2\/cli\/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names (\"Obsidian\"), not numbers. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T09:33:14Z", + "updated_at": "2022-12-28T09:33:14Z", + "pushed_at": "2022-12-28T09:33:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45132.json b/2022/CVE-2022-45132.json deleted file mode 100644 index efe58aa477..0000000000 --- a/2022/CVE-2022-45132.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871964, - "name": "CVE-2022-45132", - "full_name": "Live-Hack-CVE\/CVE-2022-45132", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45132", - "description": "In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:27Z", - "updated_at": "2022-12-28T05:15:27Z", - "pushed_at": "2022-12-28T05:15:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45136.json b/2022/CVE-2022-45136.json new file mode 100644 index 0000000000..db86622a71 --- /dev/null +++ b/2022/CVE-2022-45136.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902191, + "name": "CVE-2022-45136", + "full_name": "Live-Hack-CVE\/CVE-2022-45136", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45136", + "description": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:49Z", + "updated_at": "2022-12-28T07:22:49Z", + "pushed_at": "2022-12-28T07:22:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45146.json b/2022/CVE-2022-45146.json deleted file mode 100644 index 0726892a15..0000000000 --- a/2022/CVE-2022-45146.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841862, - "name": "CVE-2022-45146", - "full_name": "Live-Hack-CVE\/CVE-2022-45146", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45146", - "description": "An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:38:42Z", - "updated_at": "2022-12-28T02:38:42Z", - "pushed_at": "2022-12-28T02:38:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45163.json b/2022/CVE-2022-45163.json deleted file mode 100644 index fd571de362..0000000000 --- a/2022/CVE-2022-45163.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857377, - "name": "CVE-2022-45163", - "full_name": "Live-Hack-CVE\/CVE-2022-45163", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45163", - "description": "An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual\/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:59:54Z", - "updated_at": "2022-12-28T03:59:54Z", - "pushed_at": "2022-12-28T03:59:56Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45182.json b/2022/CVE-2022-45182.json new file mode 100644 index 0000000000..af4d8850ec --- /dev/null +++ b/2022/CVE-2022-45182.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923998, + "name": "CVE-2022-45182", + "full_name": "Live-Hack-CVE\/CVE-2022-45182", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45182", + "description": "Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:29Z", + "updated_at": "2022-12-28T08:47:29Z", + "pushed_at": "2022-12-28T08:47:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45183.json b/2022/CVE-2022-45183.json new file mode 100644 index 0000000000..a1bf899dc0 --- /dev/null +++ b/2022/CVE-2022-45183.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923884, + "name": "CVE-2022-45183", + "full_name": "Live-Hack-CVE\/CVE-2022-45183", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45183", + "description": "Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:05Z", + "updated_at": "2022-12-28T08:47:06Z", + "pushed_at": "2022-12-28T08:47:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45184.json b/2022/CVE-2022-45184.json new file mode 100644 index 0000000000..618b8c312c --- /dev/null +++ b/2022/CVE-2022-45184.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923813, + "name": "CVE-2022-45184", + "full_name": "Live-Hack-CVE\/CVE-2022-45184", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45184", + "description": "The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to parti CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:46:51Z", + "updated_at": "2022-12-28T08:46:51Z", + "pushed_at": "2022-12-28T08:46:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45188.json b/2022/CVE-2022-45188.json new file mode 100644 index 0000000000..d1d04d74ee --- /dev/null +++ b/2022/CVE-2022-45188.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912192, + "name": "CVE-2022-45188", + "full_name": "Live-Hack-CVE\/CVE-2022-45188", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45188", + "description": "Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:30Z", + "updated_at": "2022-12-28T08:02:30Z", + "pushed_at": "2022-12-28T08:02:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45193.json b/2022/CVE-2022-45193.json new file mode 100644 index 0000000000..e083954b02 --- /dev/null +++ b/2022/CVE-2022-45193.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923974, + "name": "CVE-2022-45193", + "full_name": "Live-Hack-CVE\/CVE-2022-45193", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45193", + "description": "CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:23Z", + "updated_at": "2022-12-28T08:47:23Z", + "pushed_at": "2022-12-28T08:47:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45194.json b/2022/CVE-2022-45194.json new file mode 100644 index 0000000000..830d0eaf9f --- /dev/null +++ b/2022/CVE-2022-45194.json @@ -0,0 +1,31 @@ +[ + { + "id": 582923921, + "name": "CVE-2022-45194", + "full_name": "Live-Hack-CVE\/CVE-2022-45194", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45194", + "description": "CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:47:13Z", + "updated_at": "2022-12-28T08:47:13Z", + "pushed_at": "2022-12-28T08:47:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45195.json b/2022/CVE-2022-45195.json new file mode 100644 index 0000000000..12cb0bf28d --- /dev/null +++ b/2022/CVE-2022-45195.json @@ -0,0 +1,31 @@ +[ + { + "id": 582912163, + "name": "CVE-2022-45195", + "full_name": "Live-Hack-CVE\/CVE-2022-45195", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45195", + "description": "SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T08:02:23Z", + "updated_at": "2022-12-28T08:02:23Z", + "pushed_at": "2022-12-28T08:02:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45196.json b/2022/CVE-2022-45196.json new file mode 100644 index 0000000000..ffad8c0764 --- /dev/null +++ b/2022/CVE-2022-45196.json @@ -0,0 +1,31 @@ +[ + { + "id": 582903403, + "name": "CVE-2022-45196", + "full_name": "Live-Hack-CVE\/CVE-2022-45196", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45196", + "description": "Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:27:43Z", + "updated_at": "2022-12-28T07:27:43Z", + "pushed_at": "2022-12-28T07:27:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45198.json b/2022/CVE-2022-45198.json deleted file mode 100644 index eff268900f..0000000000 --- a/2022/CVE-2022-45198.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873209, - "name": "CVE-2022-45198", - "full_name": "Live-Hack-CVE\/CVE-2022-45198", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45198", - "description": "Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:46Z", - "updated_at": "2022-12-28T05:20:46Z", - "pushed_at": "2022-12-28T05:20:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45199.json b/2022/CVE-2022-45199.json deleted file mode 100644 index 6f13d6033e..0000000000 --- a/2022/CVE-2022-45199.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873224, - "name": "CVE-2022-45199", - "full_name": "Live-Hack-CVE\/CVE-2022-45199", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45199", - "description": "Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:20:49Z", - "updated_at": "2022-12-28T05:20:49Z", - "pushed_at": "2022-12-28T05:20:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45202.json b/2022/CVE-2022-45202.json deleted file mode 100644 index e6c445e31f..0000000000 --- a/2022/CVE-2022-45202.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833585, - "name": "CVE-2022-45202", - "full_name": "Live-Hack-CVE\/CVE-2022-45202", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45202", - "description": "GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia\/box_code_3gpp.c. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:25Z", - "updated_at": "2022-12-28T01:56:25Z", - "pushed_at": "2022-12-28T01:56:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45204.json b/2022/CVE-2022-45204.json deleted file mode 100644 index 3e5f56ec23..0000000000 --- a/2022/CVE-2022-45204.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833553, - "name": "CVE-2022-45204", - "full_name": "Live-Hack-CVE\/CVE-2022-45204", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45204", - "description": "GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia\/box_code_3gpp.c. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:15Z", - "updated_at": "2022-12-28T01:56:15Z", - "pushed_at": "2022-12-28T01:56:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45205.json b/2022/CVE-2022-45205.json deleted file mode 100644 index 5c63d9fa48..0000000000 --- a/2022/CVE-2022-45205.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856753, - "name": "CVE-2022-45205", - "full_name": "Live-Hack-CVE\/CVE-2022-45205", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45205", - "description": "Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component \/sys\/dict\/queryTableData. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:31Z", - "updated_at": "2022-12-28T03:56:31Z", - "pushed_at": "2022-12-28T03:56:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45206.json b/2022/CVE-2022-45206.json deleted file mode 100644 index 2eb234d45f..0000000000 --- a/2022/CVE-2022-45206.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856764, - "name": "CVE-2022-45206", - "full_name": "Live-Hack-CVE\/CVE-2022-45206", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45206", - "description": "Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component \/sys\/duplicate\/check. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:34Z", - "updated_at": "2022-12-28T03:56:34Z", - "pushed_at": "2022-12-28T03:56:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45207.json b/2022/CVE-2022-45207.json deleted file mode 100644 index 9845a9df96..0000000000 --- a/2022/CVE-2022-45207.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856778, - "name": "CVE-2022-45207", - "full_name": "Live-Hack-CVE\/CVE-2022-45207", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45207", - "description": "Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:38Z", - "updated_at": "2022-12-28T03:56:38Z", - "pushed_at": "2022-12-28T03:56:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45208.json b/2022/CVE-2022-45208.json deleted file mode 100644 index a712eb10e0..0000000000 --- a/2022/CVE-2022-45208.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856798, - "name": "CVE-2022-45208", - "full_name": "Live-Hack-CVE\/CVE-2022-45208", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45208", - "description": "Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component \/sys\/user\/putRecycleBin. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:44Z", - "updated_at": "2022-12-28T03:56:44Z", - "pushed_at": "2022-12-28T03:56:46Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45210.json b/2022/CVE-2022-45210.json deleted file mode 100644 index 524fd71fd7..0000000000 --- a/2022/CVE-2022-45210.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856791, - "name": "CVE-2022-45210", - "full_name": "Live-Hack-CVE\/CVE-2022-45210", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45210", - "description": "Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component \/sys\/user\/deleteRecycleBin. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:41Z", - "updated_at": "2022-12-28T03:56:41Z", - "pushed_at": "2022-12-28T03:56:43Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45214.json b/2022/CVE-2022-45214.json deleted file mode 100644 index b5546a54af..0000000000 --- a/2022/CVE-2022-45214.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582847934, - "name": "CVE-2022-45214", - "full_name": "Live-Hack-CVE\/CVE-2022-45214", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45214", - "description": "A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at \/php-sms\/classes\/Login.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:09:58Z", - "updated_at": "2022-12-28T03:09:58Z", - "pushed_at": "2022-12-28T03:10:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45215.json b/2022/CVE-2022-45215.json deleted file mode 100644 index 411c782e08..0000000000 --- a/2022/CVE-2022-45215.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812063, - "name": "CVE-2022-45215", - "full_name": "Live-Hack-CVE\/CVE-2022-45215", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45215", - "description": "A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:16Z", - "updated_at": "2022-12-27T23:52:16Z", - "pushed_at": "2022-12-27T23:52:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45218.json b/2022/CVE-2022-45218.json deleted file mode 100644 index 038e034542..0000000000 --- a/2022/CVE-2022-45218.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848395, - "name": "CVE-2022-45218", - "full_name": "Live-Hack-CVE\/CVE-2022-45218", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45218", - "description": "Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:12:28Z", - "updated_at": "2022-12-28T03:12:28Z", - "pushed_at": "2022-12-28T03:12:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45221.json b/2022/CVE-2022-45221.json deleted file mode 100644 index 9732a63844..0000000000 --- a/2022/CVE-2022-45221.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582847944, - "name": "CVE-2022-45221", - "full_name": "Live-Hack-CVE\/CVE-2022-45221", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45221", - "description": "Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:01Z", - "updated_at": "2022-12-28T03:10:01Z", - "pushed_at": "2022-12-28T03:10:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45223.json b/2022/CVE-2022-45223.json deleted file mode 100644 index b8458517e5..0000000000 --- a/2022/CVE-2022-45223.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848067, - "name": "CVE-2022-45223", - "full_name": "Live-Hack-CVE\/CVE-2022-45223", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45223", - "description": "Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in \/Admin\/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:39Z", - "updated_at": "2022-12-28T03:10:39Z", - "pushed_at": "2022-12-28T03:10:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45224.json b/2022/CVE-2022-45224.json deleted file mode 100644 index 253d320f2b..0000000000 --- a/2022/CVE-2022-45224.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848072, - "name": "CVE-2022-45224", - "full_name": "Live-Hack-CVE\/CVE-2022-45224", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45224", - "description": "Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin\/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:42Z", - "updated_at": "2022-12-28T03:10:42Z", - "pushed_at": "2022-12-28T03:10:44Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45225.json b/2022/CVE-2022-45225.json deleted file mode 100644 index 5f501acb78..0000000000 --- a/2022/CVE-2022-45225.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839984, - "name": "CVE-2022-45225", - "full_name": "Live-Hack-CVE\/CVE-2022-45225", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45225", - "description": "Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in \/bsms_ci\/index.php\/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:31Z", - "updated_at": "2022-12-28T02:29:31Z", - "pushed_at": "2022-12-28T02:29:33Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45276.json b/2022/CVE-2022-45276.json deleted file mode 100644 index 6a5f8eb78c..0000000000 --- a/2022/CVE-2022-45276.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856855, - "name": "CVE-2022-45276", - "full_name": "Live-Hack-CVE\/CVE-2022-45276", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45276", - "description": "An issue in the \/index\/user\/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:01Z", - "updated_at": "2022-12-28T03:57:01Z", - "pushed_at": "2022-12-28T03:57:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45278.json b/2022/CVE-2022-45278.json deleted file mode 100644 index e77941720b..0000000000 --- a/2022/CVE-2022-45278.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856864, - "name": "CVE-2022-45278", - "full_name": "Live-Hack-CVE\/CVE-2022-45278", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45278", - "description": "Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the \/index.php\/admins\/Fields\/get_fields.html component. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:05Z", - "updated_at": "2022-12-28T03:57:05Z", - "pushed_at": "2022-12-28T03:57:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45280.json b/2022/CVE-2022-45280.json deleted file mode 100644 index 92f4dada56..0000000000 --- a/2022/CVE-2022-45280.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856873, - "name": "CVE-2022-45280", - "full_name": "Live-Hack-CVE\/CVE-2022-45280", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45280", - "description": "A cross-site scripting (XSS) vulnerability in the Url parameter in \/login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:08Z", - "updated_at": "2022-12-28T03:57:08Z", - "pushed_at": "2022-12-28T03:57:10Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45301.json b/2022/CVE-2022-45301.json deleted file mode 100644 index d6b54f0365..0000000000 --- a/2022/CVE-2022-45301.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840289, - "name": "CVE-2022-45301", - "full_name": "Live-Hack-CVE\/CVE-2022-45301", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45301", - "description": "Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\\tools\\ruby31 and all files located in that folder. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:30:47Z", - "updated_at": "2022-12-28T02:30:47Z", - "pushed_at": "2022-12-28T02:30:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45304.json b/2022/CVE-2022-45304.json deleted file mode 100644 index 29ee7ce8fb..0000000000 --- a/2022/CVE-2022-45304.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840298, - "name": "CVE-2022-45304", - "full_name": "Live-Hack-CVE\/CVE-2022-45304", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45304", - "description": "Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\\tools\\Cmder and all files located in that folder. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:30:50Z", - "updated_at": "2022-12-28T02:30:51Z", - "pushed_at": "2022-12-28T02:30:53Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45305.json b/2022/CVE-2022-45305.json deleted file mode 100644 index 89eab937a4..0000000000 --- a/2022/CVE-2022-45305.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840323, - "name": "CVE-2022-45305", - "full_name": "Live-Hack-CVE\/CVE-2022-45305", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45305", - "description": "Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\Python311 and all files located in that folder. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:30:57Z", - "updated_at": "2022-12-28T02:30:57Z", - "pushed_at": "2022-12-28T02:30:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45306.json b/2022/CVE-2022-45306.json deleted file mode 100644 index 22bbea0a17..0000000000 --- a/2022/CVE-2022-45306.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840340, - "name": "CVE-2022-45306", - "full_name": "Live-Hack-CVE\/CVE-2022-45306", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45306", - "description": "Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\agent and all files located in that folder. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:04Z", - "updated_at": "2022-12-28T02:31:04Z", - "pushed_at": "2022-12-28T02:31:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45307.json b/2022/CVE-2022-45307.json deleted file mode 100644 index c140920f1f..0000000000 --- a/2022/CVE-2022-45307.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840330, - "name": "CVE-2022-45307", - "full_name": "Live-Hack-CVE\/CVE-2022-45307", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45307", - "description": "Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\tools\\php81 and all files located in that folder. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:01Z", - "updated_at": "2022-12-28T02:31:01Z", - "pushed_at": "2022-12-28T02:31:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45328.json b/2022/CVE-2022-45328.json deleted file mode 100644 index 92c99474ca..0000000000 --- a/2022/CVE-2022-45328.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833021, - "name": "CVE-2022-45328", - "full_name": "Live-Hack-CVE\/CVE-2022-45328", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45328", - "description": "Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at \/admin\/edit_members.php. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:53:34Z", - "updated_at": "2022-12-28T01:53:34Z", - "pushed_at": "2022-12-28T01:53:36Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45329.json b/2022/CVE-2022-45329.json deleted file mode 100644 index e508eeaf5b..0000000000 --- a/2022/CVE-2022-45329.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848034, - "name": "CVE-2022-45329", - "full_name": "Live-Hack-CVE\/CVE-2022-45329", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45329", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:10:28Z", - "updated_at": "2022-12-28T03:10:28Z", - "pushed_at": "2022-12-28T03:10:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45330.json b/2022/CVE-2022-45330.json deleted file mode 100644 index f7a43fb1e1..0000000000 --- a/2022/CVE-2022-45330.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865420, - "name": "CVE-2022-45330", - "full_name": "Live-Hack-CVE\/CVE-2022-45330", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45330", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \\category.php. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:02Z", - "updated_at": "2022-12-28T04:42:02Z", - "pushed_at": "2022-12-28T04:42:04Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45331.json b/2022/CVE-2022-45331.json deleted file mode 100644 index 5b5ebb80b6..0000000000 --- a/2022/CVE-2022-45331.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865433, - "name": "CVE-2022-45331", - "full_name": "Live-Hack-CVE\/CVE-2022-45331", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45331", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \\post.php. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:05Z", - "updated_at": "2022-12-28T04:42:05Z", - "pushed_at": "2022-12-28T04:42:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45332.json b/2022/CVE-2022-45332.json deleted file mode 100644 index cd248879ac..0000000000 --- a/2022/CVE-2022-45332.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832456, - "name": "CVE-2022-45332", - "full_name": "Live-Hack-CVE\/CVE-2022-45332", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45332", - "description": "LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:22Z", - "updated_at": "2022-12-28T01:50:22Z", - "pushed_at": "2022-12-28T01:50:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45337.json b/2022/CVE-2022-45337.json deleted file mode 100644 index 7efb179792..0000000000 --- a/2022/CVE-2022-45337.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832372, - "name": "CVE-2022-45337", - "full_name": "Live-Hack-CVE\/CVE-2022-45337", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45337", - "description": "Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at \/goform\/SetIpMacBind. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:57Z", - "updated_at": "2022-12-28T01:49:57Z", - "pushed_at": "2022-12-28T01:49:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45343.json b/2022/CVE-2022-45343.json deleted file mode 100644 index db5b2d30af..0000000000 --- a/2022/CVE-2022-45343.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833575, - "name": "CVE-2022-45343", - "full_name": "Live-Hack-CVE\/CVE-2022-45343", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45343", - "description": "GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at \/gpac\/src\/bifs\/unquantize.c. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:56:22Z", - "updated_at": "2022-12-28T01:56:22Z", - "pushed_at": "2022-12-28T01:56:24Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45363.json b/2022/CVE-2022-45363.json deleted file mode 100644 index 9387c51792..0000000000 --- a/2022/CVE-2022-45363.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582856686, - "name": "CVE-2022-45363", - "full_name": "Live-Hack-CVE\/CVE-2022-45363", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45363", - "description": "Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:56:11Z", - "updated_at": "2022-12-28T03:56:11Z", - "pushed_at": "2022-12-28T03:56:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45369.json b/2022/CVE-2022-45369.json deleted file mode 100644 index 6c838409d3..0000000000 --- a/2022/CVE-2022-45369.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582871952, - "name": "CVE-2022-45369", - "full_name": "Live-Hack-CVE\/CVE-2022-45369", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45369", - "description": "Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:15:23Z", - "updated_at": "2022-12-28T05:15:23Z", - "pushed_at": "2022-12-28T05:15:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45375.json b/2022/CVE-2022-45375.json new file mode 100644 index 0000000000..33598c173d --- /dev/null +++ b/2022/CVE-2022-45375.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891501, + "name": "CVE-2022-45375", + "full_name": "Live-Hack-CVE\/CVE-2022-45375", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45375", + "description": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:44Z", + "updated_at": "2022-12-28T06:39:44Z", + "pushed_at": "2022-12-28T06:39:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45379.json b/2022/CVE-2022-45379.json new file mode 100644 index 0000000000..79e0abb31c --- /dev/null +++ b/2022/CVE-2022-45379.json @@ -0,0 +1,31 @@ +[ + { + "id": 582890990, + "name": "CVE-2022-45379", + "full_name": "Live-Hack-CVE\/CVE-2022-45379", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45379", + "description": "Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:37:42Z", + "updated_at": "2022-12-28T06:37:42Z", + "pushed_at": "2022-12-28T06:37:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45380.json b/2022/CVE-2022-45380.json new file mode 100644 index 0000000000..9292533f6c --- /dev/null +++ b/2022/CVE-2022-45380.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891180, + "name": "CVE-2022-45380", + "full_name": "Live-Hack-CVE\/CVE-2022-45380", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45380", + "description": "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item\/Configure permission. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:38:25Z", + "updated_at": "2022-12-28T06:38:25Z", + "pushed_at": "2022-12-28T06:38:28Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45381.json b/2022/CVE-2022-45381.json deleted file mode 100644 index b46fee1a59..0000000000 --- a/2022/CVE-2022-45381.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582849601, - "name": "CVE-2022-45381", - "full_name": "Live-Hack-CVE\/CVE-2022-45381", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45381", - "description": "Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:18:38Z", - "updated_at": "2022-12-28T03:18:38Z", - "pushed_at": "2022-12-28T03:18:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45382.json b/2022/CVE-2022-45382.json new file mode 100644 index 0000000000..60c7dbad26 --- /dev/null +++ b/2022/CVE-2022-45382.json @@ -0,0 +1,31 @@ +[ + { + "id": 582891370, + "name": "CVE-2022-45382", + "full_name": "Live-Hack-CVE\/CVE-2022-45382", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45382", + "description": "Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:39:09Z", + "updated_at": "2022-12-28T06:39:09Z", + "pushed_at": "2022-12-28T06:39:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45384.json b/2022/CVE-2022-45384.json new file mode 100644 index 0000000000..6399e31537 --- /dev/null +++ b/2022/CVE-2022-45384.json @@ -0,0 +1,31 @@ +[ + { + "id": 582892878, + "name": "CVE-2022-45384", + "full_name": "Live-Hack-CVE\/CVE-2022-45384", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45384", + "description": "Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T06:45:01Z", + "updated_at": "2022-12-28T06:45:01Z", + "pushed_at": "2022-12-28T06:45:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45385.json b/2022/CVE-2022-45385.json new file mode 100644 index 0000000000..46c9323f7c --- /dev/null +++ b/2022/CVE-2022-45385.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901048, + "name": "CVE-2022-45385", + "full_name": "Live-Hack-CVE\/CVE-2022-45385", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45385", + "description": "A missing permission check in Jenkins CloudBees Docker Hub\/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:18:41Z", + "updated_at": "2022-12-28T07:18:41Z", + "pushed_at": "2022-12-28T07:18:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45386.json b/2022/CVE-2022-45386.json new file mode 100644 index 0000000000..3e5ad3214e --- /dev/null +++ b/2022/CVE-2022-45386.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901078, + "name": "CVE-2022-45386", + "full_name": "Live-Hack-CVE\/CVE-2022-45386", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45386", + "description": "Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:18:48Z", + "updated_at": "2022-12-28T07:18:48Z", + "pushed_at": "2022-12-28T07:18:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45387.json b/2022/CVE-2022-45387.json new file mode 100644 index 0000000000..7691f3e0ea --- /dev/null +++ b/2022/CVE-2022-45387.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902168, + "name": "CVE-2022-45387", + "full_name": "Live-Hack-CVE\/CVE-2022-45387", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45387", + "description": "Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:22:42Z", + "updated_at": "2022-12-28T07:22:42Z", + "pushed_at": "2022-12-28T07:22:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45388.json b/2022/CVE-2022-45388.json new file mode 100644 index 0000000000..9939ef8a1a --- /dev/null +++ b/2022/CVE-2022-45388.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901566, + "name": "CVE-2022-45388", + "full_name": "Live-Hack-CVE\/CVE-2022-45388", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45388", + "description": "Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:21Z", + "updated_at": "2022-12-28T07:20:21Z", + "pushed_at": "2022-12-28T07:20:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45389.json b/2022/CVE-2022-45389.json new file mode 100644 index 0000000000..e95e3ef5bd --- /dev/null +++ b/2022/CVE-2022-45389.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901590, + "name": "CVE-2022-45389", + "full_name": "Live-Hack-CVE\/CVE-2022-45389", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45389", + "description": "A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:27Z", + "updated_at": "2022-12-28T07:20:27Z", + "pushed_at": "2022-12-28T07:20:29Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45390.json b/2022/CVE-2022-45390.json new file mode 100644 index 0000000000..c57762709b --- /dev/null +++ b/2022/CVE-2022-45390.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901702, + "name": "CVE-2022-45390", + "full_name": "Live-Hack-CVE\/CVE-2022-45390", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45390", + "description": "A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall\/Read permission to enumerate credentials IDs of credentials stored in Jenkins. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:59Z", + "updated_at": "2022-12-28T07:20:59Z", + "pushed_at": "2022-12-28T07:21:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45391.json b/2022/CVE-2022-45391.json new file mode 100644 index 0000000000..1db284538f --- /dev/null +++ b/2022/CVE-2022-45391.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901736, + "name": "CVE-2022-45391", + "full_name": "Live-Hack-CVE\/CVE-2022-45391", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45391", + "description": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL\/TLS certificate and hostname validation for the entire Jenkins controller JVM. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:07Z", + "updated_at": "2022-12-28T07:21:07Z", + "pushed_at": "2022-12-28T07:21:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45392.json b/2022/CVE-2022-45392.json new file mode 100644 index 0000000000..92b5607b3b --- /dev/null +++ b/2022/CVE-2022-45392.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901755, + "name": "CVE-2022-45392", + "full_name": "Live-Hack-CVE\/CVE-2022-45392", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45392", + "description": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:10Z", + "updated_at": "2022-12-28T07:21:10Z", + "pushed_at": "2022-12-28T07:21:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45393.json b/2022/CVE-2022-45393.json new file mode 100644 index 0000000000..cfede105b6 --- /dev/null +++ b/2022/CVE-2022-45393.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901580, + "name": "CVE-2022-45393", + "full_name": "Live-Hack-CVE\/CVE-2022-45393", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45393", + "description": "A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:24Z", + "updated_at": "2022-12-28T07:20:24Z", + "pushed_at": "2022-12-28T07:20:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45394.json b/2022/CVE-2022-45394.json new file mode 100644 index 0000000000..177e2715d7 --- /dev/null +++ b/2022/CVE-2022-45394.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901559, + "name": "CVE-2022-45394", + "full_name": "Live-Hack-CVE\/CVE-2022-45394", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45394", + "description": "A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item\/Read permission to delete build logs. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:17Z", + "updated_at": "2022-12-28T07:20:17Z", + "pushed_at": "2022-12-28T07:20:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45398.json b/2022/CVE-2022-45398.json new file mode 100644 index 0000000000..8725a92009 --- /dev/null +++ b/2022/CVE-2022-45398.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901543, + "name": "CVE-2022-45398", + "full_name": "Live-Hack-CVE\/CVE-2022-45398", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45398", + "description": "A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:14Z", + "updated_at": "2022-12-28T07:20:14Z", + "pushed_at": "2022-12-28T07:20:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45399.json b/2022/CVE-2022-45399.json new file mode 100644 index 0000000000..1c2760e830 --- /dev/null +++ b/2022/CVE-2022-45399.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901527, + "name": "CVE-2022-45399", + "full_name": "Live-Hack-CVE\/CVE-2022-45399", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45399", + "description": "A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:20:10Z", + "updated_at": "2022-12-28T07:20:10Z", + "pushed_at": "2022-12-28T07:20:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45401.json b/2022/CVE-2022-45401.json new file mode 100644 index 0000000000..25a20762a2 --- /dev/null +++ b/2022/CVE-2022-45401.json @@ -0,0 +1,31 @@ +[ + { + "id": 582901777, + "name": "CVE-2022-45401", + "full_name": "Live-Hack-CVE\/CVE-2022-45401", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45401", + "description": "Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item\/Configure permission. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:21:17Z", + "updated_at": "2022-12-28T07:21:17Z", + "pushed_at": "2022-12-28T07:21:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45402.json b/2022/CVE-2022-45402.json new file mode 100644 index 0000000000..df957118cc --- /dev/null +++ b/2022/CVE-2022-45402.json @@ -0,0 +1,31 @@ +[ + { + "id": 582902613, + "name": "CVE-2022-45402", + "full_name": "Live-Hack-CVE\/CVE-2022-45402", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45402", + "description": "In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `\/login` endpoint. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-28T07:24:37Z", + "updated_at": "2022-12-28T07:24:37Z", + "pushed_at": "2022-12-28T07:24:39Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-45422.json b/2022/CVE-2022-45422.json deleted file mode 100644 index 2b94385437..0000000000 --- a/2022/CVE-2022-45422.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865619, - "name": "CVE-2022-45422", - "full_name": "Live-Hack-CVE\/CVE-2022-45422", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45422", - "description": "When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:03Z", - "updated_at": "2022-12-28T04:43:03Z", - "pushed_at": "2022-12-28T04:43:06Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45442.json b/2022/CVE-2022-45442.json deleted file mode 100644 index 458010177a..0000000000 --- a/2022/CVE-2022-45442.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833180, - "name": "CVE-2022-45442", - "full_name": "Live-Hack-CVE\/CVE-2022-45442", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45442", - "description": "Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supp CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:25Z", - "updated_at": "2022-12-28T01:54:25Z", - "pushed_at": "2022-12-28T01:54:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45462.json b/2022/CVE-2022-45462.json deleted file mode 100644 index e2b9bbdc2c..0000000000 --- a/2022/CVE-2022-45462.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863690, - "name": "CVE-2022-45462", - "full_name": "Live-Hack-CVE\/CVE-2022-45462", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45462", - "description": "Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:17Z", - "updated_at": "2022-12-28T04:33:17Z", - "pushed_at": "2022-12-28T04:33:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45470.json b/2022/CVE-2022-45470.json deleted file mode 100644 index 1e667cdde3..0000000000 --- a/2022/CVE-2022-45470.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865109, - "name": "CVE-2022-45470", - "full_name": "Live-Hack-CVE\/CVE-2022-45470", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45470", - "description": "** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:40:23Z", - "updated_at": "2022-12-28T04:40:23Z", - "pushed_at": "2022-12-28T04:40:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45471.json b/2022/CVE-2022-45471.json deleted file mode 100644 index 7a5d5501da..0000000000 --- a/2022/CVE-2022-45471.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582873995, - "name": "CVE-2022-45471", - "full_name": "Live-Hack-CVE\/CVE-2022-45471", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45471", - "description": "In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T05:24:21Z", - "updated_at": "2022-12-28T05:24:21Z", - "pushed_at": "2022-12-28T05:24:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45472.json b/2022/CVE-2022-45472.json deleted file mode 100644 index 73023212f8..0000000000 --- a/2022/CVE-2022-45472.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582863706, - "name": "CVE-2022-45472", - "full_name": "Live-Hack-CVE\/CVE-2022-45472", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45472", - "description": "CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:33:20Z", - "updated_at": "2022-12-28T04:33:20Z", - "pushed_at": "2022-12-28T04:33:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45473.json b/2022/CVE-2022-45473.json deleted file mode 100644 index 40faf2120b..0000000000 --- a/2022/CVE-2022-45473.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582855898, - "name": "CVE-2022-45473", - "full_name": "Live-Hack-CVE\/CVE-2022-45473", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45473", - "description": "In drachtio-server 0.8.18, \/var\/log\/drachtio has mode 0777 and drachtio.log has mode 0666. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:51:43Z", - "updated_at": "2022-12-28T03:51:43Z", - "pushed_at": "2022-12-28T03:51:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45474.json b/2022/CVE-2022-45474.json deleted file mode 100644 index 5eacc9e1bf..0000000000 --- a/2022/CVE-2022-45474.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582855910, - "name": "CVE-2022-45474", - "full_name": "Live-Hack-CVE\/CVE-2022-45474", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45474", - "description": "drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:51:46Z", - "updated_at": "2022-12-28T03:51:46Z", - "pushed_at": "2022-12-28T03:51:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45475.json b/2022/CVE-2022-45475.json deleted file mode 100644 index f4eba138a0..0000000000 --- a/2022/CVE-2022-45475.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817706, - "name": "CVE-2022-45475", - "full_name": "Live-Hack-CVE\/CVE-2022-45475", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45475", - "description": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:48Z", - "updated_at": "2022-12-28T00:24:48Z", - "pushed_at": "2022-12-28T00:24:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45476.json b/2022/CVE-2022-45476.json deleted file mode 100644 index ba11e2cd0d..0000000000 --- a/2022/CVE-2022-45476.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817475, - "name": "CVE-2022-45476", - "full_name": "Live-Hack-CVE\/CVE-2022-45476", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45476", - "description": "Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:23:32Z", - "updated_at": "2022-12-28T00:23:32Z", - "pushed_at": "2022-12-28T00:23:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45480.json b/2022/CVE-2022-45480.json deleted file mode 100644 index 037d01b1c9..0000000000 --- a/2022/CVE-2022-45480.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812126, - "name": "CVE-2022-45480", - "full_name": "Live-Hack-CVE\/CVE-2022-45480", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45480", - "description": "PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:37Z", - "updated_at": "2022-12-27T23:52:37Z", - "pushed_at": "2022-12-27T23:52:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45482.json b/2022/CVE-2022-45482.json deleted file mode 100644 index d19b28c798..0000000000 --- a/2022/CVE-2022-45482.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812134, - "name": "CVE-2022-45482", - "full_name": "Live-Hack-CVE\/CVE-2022-45482", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45482", - "description": "Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:40Z", - "updated_at": "2022-12-27T23:52:40Z", - "pushed_at": "2022-12-27T23:52:42Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45483.json b/2022/CVE-2022-45483.json deleted file mode 100644 index 403e396525..0000000000 --- a/2022/CVE-2022-45483.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812161, - "name": "CVE-2022-45483", - "full_name": "Live-Hack-CVE\/CVE-2022-45483", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45483", - "description": "Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:47Z", - "updated_at": "2022-12-27T23:52:47Z", - "pushed_at": "2022-12-27T23:52:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45529.json b/2022/CVE-2022-45529.json deleted file mode 100644 index 41e1555faa..0000000000 --- a/2022/CVE-2022-45529.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865737, - "name": "CVE-2022-45529", - "full_name": "Live-Hack-CVE\/CVE-2022-45529", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45529", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \\admin\\includes\\edit_post.php. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:43:37Z", - "updated_at": "2022-12-28T04:43:37Z", - "pushed_at": "2022-12-28T04:43:39Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45535.json b/2022/CVE-2022-45535.json deleted file mode 100644 index ae7f6f9300..0000000000 --- a/2022/CVE-2022-45535.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865493, - "name": "CVE-2022-45535", - "full_name": "Live-Hack-CVE\/CVE-2022-45535", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45535", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \\admin\\categories.php. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:26Z", - "updated_at": "2022-12-28T04:42:26Z", - "pushed_at": "2022-12-28T04:42:28Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45536.json b/2022/CVE-2022-45536.json deleted file mode 100644 index 3a3fe2d628..0000000000 --- a/2022/CVE-2022-45536.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582865460, - "name": "CVE-2022-45536", - "full_name": "Live-Hack-CVE\/CVE-2022-45536", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45536", - "description": "AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \\admin\\post_comments.php. This vulnerability allows attackers to access database information. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T04:42:15Z", - "updated_at": "2022-12-28T04:42:15Z", - "pushed_at": "2022-12-28T04:42:17Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45562.json b/2022/CVE-2022-45562.json deleted file mode 100644 index 44b7cc2e05..0000000000 --- a/2022/CVE-2022-45562.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812024, - "name": "CVE-2022-45562", - "full_name": "Live-Hack-CVE\/CVE-2022-45562", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45562", - "description": "Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:06Z", - "updated_at": "2022-12-27T23:52:06Z", - "pushed_at": "2022-12-27T23:52:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45640.json b/2022/CVE-2022-45640.json deleted file mode 100644 index c1c9634497..0000000000 --- a/2022/CVE-2022-45640.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812072, - "name": "CVE-2022-45640", - "full_name": "Live-Hack-CVE\/CVE-2022-45640", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45640", - "description": "Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:20Z", - "updated_at": "2022-12-27T23:52:20Z", - "pushed_at": "2022-12-27T23:52:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45641.json b/2022/CVE-2022-45641.json deleted file mode 100644 index 05a8460b95..0000000000 --- a/2022/CVE-2022-45641.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811398, - "name": "CVE-2022-45641", - "full_name": "Live-Hack-CVE\/CVE-2022-45641", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45641", - "description": "Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:20Z", - "updated_at": "2022-12-27T23:48:20Z", - "pushed_at": "2022-12-27T23:48:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45643.json b/2022/CVE-2022-45643.json deleted file mode 100644 index 790f0cb8ee..0000000000 --- a/2022/CVE-2022-45643.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811344, - "name": "CVE-2022-45643", - "full_name": "Live-Hack-CVE\/CVE-2022-45643", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45643", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:02Z", - "updated_at": "2022-12-27T23:48:03Z", - "pushed_at": "2022-12-27T23:48:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45644.json b/2022/CVE-2022-45644.json deleted file mode 100644 index 2085153fda..0000000000 --- a/2022/CVE-2022-45644.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811814, - "name": "CVE-2022-45644", - "full_name": "Live-Hack-CVE\/CVE-2022-45644", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45644", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:50:57Z", - "updated_at": "2022-12-27T23:50:57Z", - "pushed_at": "2022-12-27T23:51:00Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45645.json b/2022/CVE-2022-45645.json deleted file mode 100644 index e1145d7638..0000000000 --- a/2022/CVE-2022-45645.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811830, - "name": "CVE-2022-45645", - "full_name": "Live-Hack-CVE\/CVE-2022-45645", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45645", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:01Z", - "updated_at": "2022-12-27T23:51:01Z", - "pushed_at": "2022-12-27T23:51:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45652.json b/2022/CVE-2022-45652.json deleted file mode 100644 index 57c045eabd..0000000000 --- a/2022/CVE-2022-45652.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811357, - "name": "CVE-2022-45652", - "full_name": "Live-Hack-CVE\/CVE-2022-45652", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45652", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:06Z", - "updated_at": "2022-12-27T23:48:06Z", - "pushed_at": "2022-12-27T23:48:08Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45653.json b/2022/CVE-2022-45653.json deleted file mode 100644 index 88edb02bf0..0000000000 --- a/2022/CVE-2022-45653.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811538, - "name": "CVE-2022-45653", - "full_name": "Live-Hack-CVE\/CVE-2022-45653", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45653", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:06Z", - "updated_at": "2022-12-27T23:49:06Z", - "pushed_at": "2022-12-27T23:49:09Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45654.json b/2022/CVE-2022-45654.json deleted file mode 100644 index ba54213e3f..0000000000 --- a/2022/CVE-2022-45654.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811499, - "name": "CVE-2022-45654", - "full_name": "Live-Hack-CVE\/CVE-2022-45654", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45654", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:56Z", - "updated_at": "2022-12-27T23:48:56Z", - "pushed_at": "2022-12-27T23:48:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45655.json b/2022/CVE-2022-45655.json deleted file mode 100644 index 4b7b9337e5..0000000000 --- a/2022/CVE-2022-45655.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811480, - "name": "CVE-2022-45655", - "full_name": "Live-Hack-CVE\/CVE-2022-45655", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45655", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:48Z", - "updated_at": "2022-12-27T23:48:48Z", - "pushed_at": "2022-12-27T23:48:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45656.json b/2022/CVE-2022-45656.json deleted file mode 100644 index e58ffff6bb..0000000000 --- a/2022/CVE-2022-45656.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811492, - "name": "CVE-2022-45656", - "full_name": "Live-Hack-CVE\/CVE-2022-45656", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45656", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:52Z", - "updated_at": "2022-12-27T23:48:52Z", - "pushed_at": "2022-12-27T23:48:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45657.json b/2022/CVE-2022-45657.json deleted file mode 100644 index 46f1c300bc..0000000000 --- a/2022/CVE-2022-45657.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811412, - "name": "CVE-2022-45657", - "full_name": "Live-Hack-CVE\/CVE-2022-45657", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45657", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:23Z", - "updated_at": "2022-12-27T23:48:23Z", - "pushed_at": "2022-12-27T23:48:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45658.json b/2022/CVE-2022-45658.json deleted file mode 100644 index cc50948bed..0000000000 --- a/2022/CVE-2022-45658.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811470, - "name": "CVE-2022-45658", - "full_name": "Live-Hack-CVE\/CVE-2022-45658", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45658", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:45Z", - "updated_at": "2022-12-27T23:48:45Z", - "pushed_at": "2022-12-27T23:48:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45659.json b/2022/CVE-2022-45659.json deleted file mode 100644 index 7cddb085b4..0000000000 --- a/2022/CVE-2022-45659.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811561, - "name": "CVE-2022-45659", - "full_name": "Live-Hack-CVE\/CVE-2022-45659", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45659", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:17Z", - "updated_at": "2022-12-27T23:49:17Z", - "pushed_at": "2022-12-27T23:49:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45660.json b/2022/CVE-2022-45660.json deleted file mode 100644 index ea3f4c97a1..0000000000 --- a/2022/CVE-2022-45660.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811544, - "name": "CVE-2022-45660", - "full_name": "Live-Hack-CVE\/CVE-2022-45660", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45660", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:10Z", - "updated_at": "2022-12-27T23:49:10Z", - "pushed_at": "2022-12-27T23:49:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45661.json b/2022/CVE-2022-45661.json deleted file mode 100644 index a2b61a2e7c..0000000000 --- a/2022/CVE-2022-45661.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811554, - "name": "CVE-2022-45661", - "full_name": "Live-Hack-CVE\/CVE-2022-45661", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45661", - "description": "Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:14Z", - "updated_at": "2022-12-27T23:49:14Z", - "pushed_at": "2022-12-27T23:49:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45663.json b/2022/CVE-2022-45663.json deleted file mode 100644 index 35794eaaf0..0000000000 --- a/2022/CVE-2022-45663.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811511, - "name": "CVE-2022-45663", - "full_name": "Live-Hack-CVE\/CVE-2022-45663", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45663", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:59Z", - "updated_at": "2022-12-27T23:48:59Z", - "pushed_at": "2022-12-27T23:49:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45664.json b/2022/CVE-2022-45664.json deleted file mode 100644 index e5c4e8f623..0000000000 --- a/2022/CVE-2022-45664.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811522, - "name": "CVE-2022-45664", - "full_name": "Live-Hack-CVE\/CVE-2022-45664", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45664", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:03Z", - "updated_at": "2022-12-27T23:49:03Z", - "pushed_at": "2022-12-27T23:49:05Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45667.json b/2022/CVE-2022-45667.json deleted file mode 100644 index 51aca4db4b..0000000000 --- a/2022/CVE-2022-45667.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811568, - "name": "CVE-2022-45667", - "full_name": "Live-Hack-CVE\/CVE-2022-45667", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45667", - "description": "Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:21Z", - "updated_at": "2022-12-27T23:49:21Z", - "pushed_at": "2022-12-27T23:49:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45668.json b/2022/CVE-2022-45668.json deleted file mode 100644 index 212c7ec703..0000000000 --- a/2022/CVE-2022-45668.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811574, - "name": "CVE-2022-45668", - "full_name": "Live-Hack-CVE\/CVE-2022-45668", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45668", - "description": "Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:49:24Z", - "updated_at": "2022-12-27T23:49:24Z", - "pushed_at": "2022-12-27T23:49:26Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45669.json b/2022/CVE-2022-45669.json deleted file mode 100644 index fadc74a121..0000000000 --- a/2022/CVE-2022-45669.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811294, - "name": "CVE-2022-45669", - "full_name": "Live-Hack-CVE\/CVE-2022-45669", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45669", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:49Z", - "updated_at": "2022-12-27T23:47:49Z", - "pushed_at": "2022-12-27T23:47:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45670.json b/2022/CVE-2022-45670.json deleted file mode 100644 index b105744d9b..0000000000 --- a/2022/CVE-2022-45670.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811313, - "name": "CVE-2022-45670", - "full_name": "Live-Hack-CVE\/CVE-2022-45670", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45670", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:52Z", - "updated_at": "2022-12-27T23:47:52Z", - "pushed_at": "2022-12-27T23:47:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45671.json b/2022/CVE-2022-45671.json deleted file mode 100644 index dca17d2ee2..0000000000 --- a/2022/CVE-2022-45671.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811325, - "name": "CVE-2022-45671", - "full_name": "Live-Hack-CVE\/CVE-2022-45671", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45671", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:56Z", - "updated_at": "2022-12-27T23:47:56Z", - "pushed_at": "2022-12-27T23:47:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45672.json b/2022/CVE-2022-45672.json deleted file mode 100644 index 184d6deb9f..0000000000 --- a/2022/CVE-2022-45672.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811336, - "name": "CVE-2022-45672", - "full_name": "Live-Hack-CVE\/CVE-2022-45672", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45672", - "description": "Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:47:59Z", - "updated_at": "2022-12-27T23:47:59Z", - "pushed_at": "2022-12-27T23:48:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45673.json b/2022/CVE-2022-45673.json deleted file mode 100644 index 86673d46c7..0000000000 --- a/2022/CVE-2022-45673.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811367, - "name": "CVE-2022-45673", - "full_name": "Live-Hack-CVE\/CVE-2022-45673", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45673", - "description": "Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:09Z", - "updated_at": "2022-12-27T23:48:09Z", - "pushed_at": "2022-12-27T23:48:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45674.json b/2022/CVE-2022-45674.json deleted file mode 100644 index 163ccddc57..0000000000 --- a/2022/CVE-2022-45674.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811385, - "name": "CVE-2022-45674", - "full_name": "Live-Hack-CVE\/CVE-2022-45674", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45674", - "description": "Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:48:16Z", - "updated_at": "2022-12-27T23:48:16Z", - "pushed_at": "2022-12-27T23:48:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45842.json b/2022/CVE-2022-45842.json deleted file mode 100644 index 9612766f76..0000000000 --- a/2022/CVE-2022-45842.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832552, - "name": "CVE-2022-45842", - "full_name": "Live-Hack-CVE\/CVE-2022-45842", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45842", - "description": "Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase\/decrease rating scores. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:50:57Z", - "updated_at": "2022-12-28T01:50:57Z", - "pushed_at": "2022-12-28T01:50:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45866.json b/2022/CVE-2022-45866.json deleted file mode 100644 index 8e9ab646ce..0000000000 --- a/2022/CVE-2022-45866.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817784, - "name": "CVE-2022-45866", - "full_name": "Live-Hack-CVE\/CVE-2022-45866", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45866", - "description": "qpress before PierreLvx\/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ..\/ in a .qp file. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:25:16Z", - "updated_at": "2022-12-28T00:25:16Z", - "pushed_at": "2022-12-28T00:25:19Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45868.json b/2022/CVE-2022-45868.json deleted file mode 100644 index 2f9bb418c5..0000000000 --- a/2022/CVE-2022-45868.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841314, - "name": "CVE-2022-45868", - "full_name": "Live-Hack-CVE\/CVE-2022-45868", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45868", - "description": "The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be a CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:52Z", - "updated_at": "2022-12-28T02:35:52Z", - "pushed_at": "2022-12-28T02:35:54Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45869.json b/2022/CVE-2022-45869.json deleted file mode 100644 index 79ebb2b9c2..0000000000 --- a/2022/CVE-2022-45869.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582811837, - "name": "CVE-2022-45869", - "full_name": "Live-Hack-CVE\/CVE-2022-45869", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45869", - "description": "A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:51:05Z", - "updated_at": "2022-12-27T23:51:05Z", - "pushed_at": "2022-12-27T23:51:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45872.json b/2022/CVE-2022-45872.json deleted file mode 100644 index b6dce5e3bc..0000000000 --- a/2022/CVE-2022-45872.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841341, - "name": "CVE-2022-45872", - "full_name": "Live-Hack-CVE\/CVE-2022-45872", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45872", - "description": "iTerm2 before 3.4.18 mishandles a DECRQSS response. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:59Z", - "updated_at": "2022-12-28T02:35:59Z", - "pushed_at": "2022-12-28T02:36:01Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45873.json b/2022/CVE-2022-45873.json deleted file mode 100644 index 62550fa5f4..0000000000 --- a/2022/CVE-2022-45873.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582840454, - "name": "CVE-2022-45873", - "full_name": "Live-Hack-CVE\/CVE-2022-45873", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45873", - "description": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared\/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make it CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:31:42Z", - "updated_at": "2022-12-28T02:31:42Z", - "pushed_at": "2022-12-28T02:31:45Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45884.json b/2022/CVE-2022-45884.json deleted file mode 100644 index 9c546bd8d3..0000000000 --- a/2022/CVE-2022-45884.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848530, - "name": "CVE-2022-45884", - "full_name": "Live-Hack-CVE\/CVE-2022-45884", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45884", - "description": "An issue was discovered in the Linux kernel through 6.0.9. drivers\/media\/dvb-core\/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:00Z", - "updated_at": "2022-12-28T03:13:00Z", - "pushed_at": "2022-12-28T03:13:03Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45885.json b/2022/CVE-2022-45885.json deleted file mode 100644 index 2565e61715..0000000000 --- a/2022/CVE-2022-45885.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848547, - "name": "CVE-2022-45885", - "full_name": "Live-Hack-CVE\/CVE-2022-45885", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45885", - "description": "An issue was discovered in the Linux kernel through 6.0.9. drivers\/media\/dvb-core\/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:05Z", - "updated_at": "2022-12-28T03:13:05Z", - "pushed_at": "2022-12-28T03:13:07Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45886.json b/2022/CVE-2022-45886.json deleted file mode 100644 index 882dab5ae8..0000000000 --- a/2022/CVE-2022-45886.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848555, - "name": "CVE-2022-45886", - "full_name": "Live-Hack-CVE\/CVE-2022-45886", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45886", - "description": "An issue was discovered in the Linux kernel through 6.0.9. drivers\/media\/dvb-core\/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:09Z", - "updated_at": "2022-12-28T03:13:09Z", - "pushed_at": "2022-12-28T03:13:11Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45887.json b/2022/CVE-2022-45887.json deleted file mode 100644 index 2aeae08a22..0000000000 --- a/2022/CVE-2022-45887.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848571, - "name": "CVE-2022-45887", - "full_name": "Live-Hack-CVE\/CVE-2022-45887", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45887", - "description": "An issue was discovered in the Linux kernel through 6.0.9. drivers\/media\/usb\/ttusb-dec\/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:12Z", - "updated_at": "2022-12-28T03:13:12Z", - "pushed_at": "2022-12-28T03:13:14Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45888.json b/2022/CVE-2022-45888.json deleted file mode 100644 index 3e3d1fcbf9..0000000000 --- a/2022/CVE-2022-45888.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582848584, - "name": "CVE-2022-45888", - "full_name": "Live-Hack-CVE\/CVE-2022-45888", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45888", - "description": "An issue was discovered in the Linux kernel through 6.0.9. drivers\/char\/xillybus\/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:13:16Z", - "updated_at": "2022-12-28T03:13:16Z", - "pushed_at": "2022-12-28T03:13:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45907.json b/2022/CVE-2022-45907.json deleted file mode 100644 index 286695c851..0000000000 --- a/2022/CVE-2022-45907.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857001, - "name": "CVE-2022-45907", - "full_name": "Live-Hack-CVE\/CVE-2022-45907", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45907", - "description": "In PyTorch before trunk\/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:46Z", - "updated_at": "2022-12-28T03:57:46Z", - "pushed_at": "2022-12-28T03:57:48Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45908.json b/2022/CVE-2022-45908.json deleted file mode 100644 index e62524220d..0000000000 --- a/2022/CVE-2022-45908.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839972, - "name": "CVE-2022-45908", - "full_name": "Live-Hack-CVE\/CVE-2022-45908", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45908", - "description": "In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:29:28Z", - "updated_at": "2022-12-28T02:29:28Z", - "pushed_at": "2022-12-28T02:29:30Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45919.json b/2022/CVE-2022-45919.json deleted file mode 100644 index 950c106ba6..0000000000 --- a/2022/CVE-2022-45919.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582857014, - "name": "CVE-2022-45919", - "full_name": "Live-Hack-CVE\/CVE-2022-45919", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45919", - "description": "An issue was discovered in the Linux kernel through 6.0.10. In drivers\/media\/dvb-core\/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T03:57:49Z", - "updated_at": "2022-12-28T03:57:49Z", - "pushed_at": "2022-12-28T03:57:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45921.json b/2022/CVE-2022-45921.json deleted file mode 100644 index 6fde53df5f..0000000000 --- a/2022/CVE-2022-45921.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833191, - "name": "CVE-2022-45921", - "full_name": "Live-Hack-CVE\/CVE-2022-45921", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45921", - "description": "FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:29Z", - "updated_at": "2022-12-28T01:54:29Z", - "pushed_at": "2022-12-28T01:54:31Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45930.json b/2022/CVE-2022-45930.json deleted file mode 100644 index 9bcd807325..0000000000 --- a/2022/CVE-2022-45930.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841285, - "name": "CVE-2022-45930", - "full_name": "Live-Hack-CVE\/CVE-2022-45930", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45930", - "description": "A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2\/src\/main\/java\/org\/opendaylight\/aaa\/datastore\/h2\/DomainStore.java deleteDomain function is affected for the \/auth\/v1\/domains\/ API interface. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:45Z", - "updated_at": "2022-12-28T02:35:45Z", - "pushed_at": "2022-12-28T02:35:47Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45931.json b/2022/CVE-2022-45931.json deleted file mode 100644 index cf0ab9cd2c..0000000000 --- a/2022/CVE-2022-45931.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841304, - "name": "CVE-2022-45931", - "full_name": "Live-Hack-CVE\/CVE-2022-45931", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45931", - "description": "A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2\/src\/main\/java\/org\/opendaylight\/aaa\/datastore\/h2\/UserStore.java deleteUser function is affected when the API interface \/auth\/v1\/users\/ is used. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:49Z", - "updated_at": "2022-12-28T02:35:49Z", - "pushed_at": "2022-12-28T02:35:51Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45932.json b/2022/CVE-2022-45932.json deleted file mode 100644 index 7a2576d61d..0000000000 --- a/2022/CVE-2022-45932.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582841326, - "name": "CVE-2022-45932", - "full_name": "Live-Hack-CVE\/CVE-2022-45932", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45932", - "description": "A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2\/src\/main\/java\/org\/opendaylight\/aaa\/datastore\/h2\/RoleStore.java deleteRole function is affected when the API interface \/auth\/v1\/roles\/ is used. CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:35:56Z", - "updated_at": "2022-12-28T02:35:56Z", - "pushed_at": "2022-12-28T02:35:58Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45933.json b/2022/CVE-2022-45933.json deleted file mode 100644 index 05bcc94134..0000000000 --- a/2022/CVE-2022-45933.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582839871, - "name": "CVE-2022-45933", - "full_name": "Live-Hack-CVE\/CVE-2022-45933", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45933", - "description": "KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api\/scrape\/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a \"fun side project and a learning exerci CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T02:28:47Z", - "updated_at": "2022-12-28T02:28:47Z", - "pushed_at": "2022-12-28T02:28:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-45939.json b/2022/CVE-2022-45939.json deleted file mode 100644 index 8c5fe6110b..0000000000 --- a/2022/CVE-2022-45939.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833965, - "name": "CVE-2022-45939", - "full_name": "Live-Hack-CVE\/CVE-2022-45939", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-45939", - "description": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src\/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the \"ctags *\" command (suggested in the ctags documentation) in a s CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:58:14Z", - "updated_at": "2022-12-28T01:58:14Z", - "pushed_at": "2022-12-28T01:58:16Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46146.json b/2022/CVE-2022-46146.json deleted file mode 100644 index e69f7d14ed..0000000000 --- a/2022/CVE-2022-46146.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812241, - "name": "CVE-2022-46146", - "full_name": "Live-Hack-CVE\/CVE-2022-46146", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46146", - "description": "Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There i CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:53:18Z", - "updated_at": "2022-12-27T23:53:18Z", - "pushed_at": "2022-12-27T23:53:22Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46147.json b/2022/CVE-2022-46147.json deleted file mode 100644 index c19dc34d11..0000000000 --- a/2022/CVE-2022-46147.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833202, - "name": "CVE-2022-46147", - "full_name": "Live-Hack-CVE\/CVE-2022-46147", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46147", - "description": "Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this iss CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:54:32Z", - "updated_at": "2022-12-28T01:54:32Z", - "pushed_at": "2022-12-28T01:54:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46148.json b/2022/CVE-2022-46148.json deleted file mode 100644 index 99c373ced8..0000000000 --- a/2022/CVE-2022-46148.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833389, - "name": "CVE-2022-46148", - "full_name": "Live-Hack-CVE\/CVE-2022-46148", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46148", - "description": "Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which hav CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:21Z", - "updated_at": "2022-12-28T01:55:21Z", - "pushed_at": "2022-12-28T01:55:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46150.json b/2022/CVE-2022-46150.json deleted file mode 100644 index 6c34ba0696..0000000000 --- a/2022/CVE-2022-46150.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582833398, - "name": "CVE-2022-46150", - "full_name": "Live-Hack-CVE\/CVE-2022-46150", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46150", - "description": "Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in ve CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:55:25Z", - "updated_at": "2022-12-28T01:55:25Z", - "pushed_at": "2022-12-28T01:55:27Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46152.json b/2022/CVE-2022-46152.json deleted file mode 100644 index eded685482..0000000000 --- a/2022/CVE-2022-46152.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832160, - "name": "CVE-2022-46152", - "full_name": "Live-Hack-CVE\/CVE-2022-46152", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46152", - "description": "OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_ CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:48Z", - "updated_at": "2022-12-28T01:48:48Z", - "pushed_at": "2022-12-28T01:48:50Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46155.json b/2022/CVE-2022-46155.json deleted file mode 100644 index 2ede1c9342..0000000000 --- a/2022/CVE-2022-46155.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832071, - "name": "CVE-2022-46155", - "full_name": "Live-Hack-CVE\/CVE-2022-46155", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46155", - "description": "Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL e CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:48:18Z", - "updated_at": "2022-12-28T01:48:18Z", - "pushed_at": "2022-12-28T01:48:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46156.json b/2022/CVE-2022-46156.json deleted file mode 100644 index 3db4d07bf6..0000000000 --- a/2022/CVE-2022-46156.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582817670, - "name": "CVE-2022-46156", - "full_name": "Live-Hack-CVE\/CVE-2022-46156", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46156", - "description": "The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate wit CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T00:24:38Z", - "updated_at": "2022-12-28T00:24:38Z", - "pushed_at": "2022-12-28T00:24:40Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46159.json b/2022/CVE-2022-46159.json deleted file mode 100644 index f502d2495b..0000000000 --- a/2022/CVE-2022-46159.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582812082, - "name": "CVE-2022-46159", - "full_name": "Live-Hack-CVE\/CVE-2022-46159", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46159", - "description": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary sit CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-27T23:52:23Z", - "updated_at": "2022-12-27T23:52:23Z", - "pushed_at": "2022-12-27T23:52:25Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46162.json b/2022/CVE-2022-46162.json deleted file mode 100644 index a1144ce7f1..0000000000 --- a/2022/CVE-2022-46162.json +++ /dev/null @@ -1,31 +0,0 @@ -[ - { - "id": 582832340, - "name": "CVE-2022-46162", - "full_name": "Live-Hack-CVE\/CVE-2022-46162", - "owner": { - "login": "Live-Hack-CVE", - "id": 121191732, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", - "html_url": "https:\/\/github.com\/Live-Hack-CVE" - }, - "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46162", - "description": "discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. A CVE project by @Sn0wAlice", - "fork": false, - "created_at": "2022-12-28T01:49:47Z", - "updated_at": "2022-12-28T01:49:47Z", - "pushed_at": "2022-12-28T01:49:49Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index 584a9987b7..6d519a5570 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -13,19 +13,48 @@ "description": "Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.", "fork": false, "created_at": "2022-12-26T06:56:35Z", - "updated_at": "2022-12-28T06:10:40Z", - "pushed_at": "2022-12-28T03:53:09Z", - "stargazers_count": 179, - "watchers_count": 179, + "updated_at": "2022-12-28T12:27:48Z", + "pushed_at": "2022-12-28T07:24:52Z", + "stargazers_count": 221, + "watchers_count": 221, "has_discussions": false, - "forks_count": 17, + "forks_count": 18, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 17, - "watchers": 179, + "forks": 18, + "watchers": 221, + "score": 0 + }, + { + "id": 582638407, + "name": "CVE-2022-46689", + "full_name": "Live-Hack-CVE\/CVE-2022-46689", + "owner": { + "login": "Live-Hack-CVE", + "id": 121191732, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121191732?v=4", + "html_url": "https:\/\/github.com\/Live-Hack-CVE" + }, + "html_url": "https:\/\/github.com\/Live-Hack-CVE\/CVE-2022-46689", + "description": "A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. CVE project by @Sn0wAlice", + "fork": false, + "created_at": "2022-12-27T12:46:23Z", + "updated_at": "2022-12-27T12:46:23Z", + "pushed_at": "2022-12-28T07:11:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 0, "score": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index 5f9761c8b1..5bbf74e4d4 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,37 @@ # PoC in GitHub ## 2022 -### CVE-2022-0171 (2022-08-26) +### CVE-2022-0031 (2022-11-09) -A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). +A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. -- [Live-Hack-CVE/CVE-2022-0171](https://github.com/Live-Hack-CVE/CVE-2022-0171) +- [Live-Hack-CVE/CVE-2022-0031](https://github.com/Live-Hack-CVE/CVE-2022-0031) + +### CVE-2022-0137 (2022-11-14) + + +A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. + + +- [Live-Hack-CVE/CVE-2022-0137](https://github.com/Live-Hack-CVE/CVE-2022-0137) + +### CVE-2022-0174 (2022-01-10) + + +dolibarr is vulnerable to Business Logic Errors + + +- [Live-Hack-CVE/CVE-2022-0174](https://github.com/Live-Hack-CVE/CVE-2022-0174) + +### CVE-2022-0175 (2022-08-26) + + +A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. + + +- [Live-Hack-CVE/CVE-2022-0175](https://github.com/Live-Hack-CVE/CVE-2022-0175) ### CVE-2022-0185 (2022-02-11) @@ -23,6 +47,14 @@ A heap-based buffer overflow flaw was found in the way the legacy_parse_param fu - [veritas501/CVE-2022-0185-PipeVersion](https://github.com/veritas501/CVE-2022-0185-PipeVersion) - [featherL/CVE-2022-0185-exploit](https://github.com/featherL/CVE-2022-0185-exploit) +### CVE-2022-0213 (2022-01-14) + + +vim is vulnerable to Heap-based Buffer Overflow + + +- [Live-Hack-CVE/CVE-2022-0213](https://github.com/Live-Hack-CVE/CVE-2022-0213) + ### CVE-2022-0219 (2022-01-20) @@ -31,21 +63,13 @@ Improper Restriction of XML External Entity Reference in GitHub repository skylo - [Haxatron/CVE-2022-0219](https://github.com/Haxatron/CVE-2022-0219) -### CVE-2022-0222 (2022-11-22) +### CVE-2022-0224 (2022-01-14) -A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) +dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command -- [Live-Hack-CVE/CVE-2022-0222](https://github.com/Live-Hack-CVE/CVE-2022-0222) - -### CVE-2022-0235 (2022-01-16) - - -node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - - -- [Live-Hack-CVE/CVE-2022-0235](https://github.com/Live-Hack-CVE/CVE-2022-0235) +- [Live-Hack-CVE/CVE-2022-0224](https://github.com/Live-Hack-CVE/CVE-2022-0224) ### CVE-2022-0236 (2022-01-18) @@ -56,6 +80,22 @@ The WP Import Export WordPress plugin (both free and premium versions) is vulner - [qurbat/CVE-2022-0236](https://github.com/qurbat/CVE-2022-0236) - [xiska62314/CVE-2022-0236](https://github.com/xiska62314/CVE-2022-0236) +### CVE-2022-0261 (2022-01-18) + + +Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. + + +- [Live-Hack-CVE/CVE-2022-0261](https://github.com/Live-Hack-CVE/CVE-2022-0261) + +### CVE-2022-0264 (2022-02-04) + + +A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 + + +- [Live-Hack-CVE/CVE-2022-0264](https://github.com/Live-Hack-CVE/CVE-2022-0264) + ### CVE-2022-0265 (2022-03-03) @@ -64,13 +104,21 @@ Improper Restriction of XML External Entity Reference in GitHub repository hazel - [achuna33/CVE-2022-0265](https://github.com/achuna33/CVE-2022-0265) -### CVE-2022-0318 (2022-01-21) +### CVE-2022-0319 (2022-01-21) -Heap-based Buffer Overflow in vim/vim prior to 8.2. +Out-of-bounds Read in vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-0318](https://github.com/Live-Hack-CVE/CVE-2022-0318) +- [Live-Hack-CVE/CVE-2022-0319](https://github.com/Live-Hack-CVE/CVE-2022-0319) + +### CVE-2022-0324 (2022-11-14) + + +There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. + + +- [Live-Hack-CVE/CVE-2022-0324](https://github.com/Live-Hack-CVE/CVE-2022-0324) ### CVE-2022-0332 (2022-01-25) @@ -83,29 +131,61 @@ A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was ### CVE-2022-0337 - [Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera](https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera) -### CVE-2022-0382 (2022-02-11) +### CVE-2022-0351 (2022-01-25) -An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. +Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-0382](https://github.com/Live-Hack-CVE/CVE-2022-0382) +- [Live-Hack-CVE/CVE-2022-0351](https://github.com/Live-Hack-CVE/CVE-2022-0351) -### CVE-2022-0392 (2022-01-28) +### CVE-2022-0359 (2022-01-26) -Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. +Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-0392](https://github.com/Live-Hack-CVE/CVE-2022-0392) +- [Live-Hack-CVE/CVE-2022-0359](https://github.com/Live-Hack-CVE/CVE-2022-0359) -### CVE-2022-0421 (2022-11-21) +### CVE-2022-0361 (2022-01-26) -The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments +Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-0421](https://github.com/Live-Hack-CVE/CVE-2022-0421) +- [Live-Hack-CVE/CVE-2022-0361](https://github.com/Live-Hack-CVE/CVE-2022-0361) + +### CVE-2022-0368 (2022-01-26) + + +Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. + + +- [Live-Hack-CVE/CVE-2022-0368](https://github.com/Live-Hack-CVE/CVE-2022-0368) + +### CVE-2022-0391 (2022-02-09) + + +A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. + + +- [Live-Hack-CVE/CVE-2022-0391](https://github.com/Live-Hack-CVE/CVE-2022-0391) + +### CVE-2022-0396 (2022-03-23) + + +BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. + + +- [Live-Hack-CVE/CVE-2022-0396](https://github.com/Live-Hack-CVE/CVE-2022-0396) + +### CVE-2022-0414 (2022-01-31) + + +Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. + + +- [Live-Hack-CVE/CVE-2022-0414](https://github.com/Live-Hack-CVE/CVE-2022-0414) ### CVE-2022-0441 (2022-03-07) @@ -123,14 +203,6 @@ Exposure of Private Personal Information to an Unauthorized Actor in GitHub repo - [Acceis/exploit-CVE-2022-0482](https://github.com/Acceis/exploit-CVE-2022-0482) -### CVE-2022-0485 (2022-08-29) - - -A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. - - -- [Live-Hack-CVE/CVE-2022-0485](https://github.com/Live-Hack-CVE/CVE-2022-0485) - ### CVE-2022-0486 (2022-05-17) @@ -176,53 +248,21 @@ It was discovered, that redis, a persistent key-value database, due to a packagi - [aodsec/CVE-2022-0543](https://github.com/aodsec/CVE-2022-0543) -### CVE-2022-0554 (2022-02-10) +### CVE-2022-0561 (2022-02-11) -Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. +Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. -- [Live-Hack-CVE/CVE-2022-0554](https://github.com/Live-Hack-CVE/CVE-2022-0554) +- [Live-Hack-CVE/CVE-2022-0561](https://github.com/Live-Hack-CVE/CVE-2022-0561) -### CVE-2022-0613 (2022-02-16) +### CVE-2022-0562 (2022-02-11) -Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. +Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. -- [Live-Hack-CVE/CVE-2022-0613](https://github.com/Live-Hack-CVE/CVE-2022-0613) - -### CVE-2022-0629 (2022-02-17) - - -Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. - - -- [Live-Hack-CVE/CVE-2022-0629](https://github.com/Live-Hack-CVE/CVE-2022-0629) - -### CVE-2022-0696 (2022-02-21) - - -NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. - - -- [Live-Hack-CVE/CVE-2022-0696](https://github.com/Live-Hack-CVE/CVE-2022-0696) - -### CVE-2022-0698 (2022-11-25) - - -Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. - - -- [Live-Hack-CVE/CVE-2022-0698](https://github.com/Live-Hack-CVE/CVE-2022-0698) - -### CVE-2022-0714 (2022-02-22) - - -Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. - - -- [Live-Hack-CVE/CVE-2022-0714](https://github.com/Live-Hack-CVE/CVE-2022-0714) +- [Live-Hack-CVE/CVE-2022-0562](https://github.com/Live-Hack-CVE/CVE-2022-0562) ### CVE-2022-0725 (2022-03-07) @@ -232,6 +272,22 @@ A flaw was found in keepass. The vulnerability occurs due to logging the plain t - [ByteHackr/keepass_poc](https://github.com/ByteHackr/keepass_poc) +### CVE-2022-0731 (2022-02-23) + + +Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. + + +- [Live-Hack-CVE/CVE-2022-0731](https://github.com/Live-Hack-CVE/CVE-2022-0731) + +### CVE-2022-0746 (2022-02-25) + + +Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. + + +- [Live-Hack-CVE/CVE-2022-0746](https://github.com/Live-Hack-CVE/CVE-2022-0746) + ### CVE-2022-0778 (2022-03-15) @@ -242,6 +298,7 @@ The BN_mod_sqrt() function, which computes a modular square root, contains a bug - [yywing/cve-2022-0778](https://github.com/yywing/cve-2022-0778) - [jkakavas/CVE-2022-0778-POC](https://github.com/jkakavas/CVE-2022-0778-POC) - [0xUhaw/CVE-2022-0778](https://github.com/0xUhaw/CVE-2022-0778) +- [Live-Hack-CVE/CVE-2022-0778](https://github.com/Live-Hack-CVE/CVE-2022-0778) ### CVE-2022-0811 (2022-03-16) @@ -251,6 +308,14 @@ A flaw was found in CRI-O in the way it set kernel options for a pod. This issue - [spiarh/webhook-cve-2022-0811](https://github.com/spiarh/webhook-cve-2022-0811) +### CVE-2022-0819 (2022-03-02) + + +Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. + + +- [Live-Hack-CVE/CVE-2022-0819](https://github.com/Live-Hack-CVE/CVE-2022-0819) + ### CVE-2022-0824 (2022-03-02) @@ -356,6 +421,14 @@ A vulnerability was discovered in the 389 Directory Server that allows an unauth - [NathanMulbrook/CVE-2022-0918](https://github.com/NathanMulbrook/CVE-2022-0918) +### CVE-2022-0924 (2022-03-11) + + +Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. + + +- [Live-Hack-CVE/CVE-2022-0924](https://github.com/Live-Hack-CVE/CVE-2022-0924) + ### CVE-2022-0995 (2022-03-25) @@ -398,6 +471,14 @@ The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin - [V35HR4J/CVE-2022-1051](https://github.com/V35HR4J/CVE-2022-1051) +### CVE-2022-1056 (2022-03-28) + + +Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. + + +- [Live-Hack-CVE/CVE-2022-1056](https://github.com/Live-Hack-CVE/CVE-2022-1056) + ### CVE-2022-1077 (2022-03-29) @@ -430,14 +511,6 @@ Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7. - [Greenwolf/CVE-2022-1175](https://github.com/Greenwolf/CVE-2022-1175) -### CVE-2022-1184 (2022-08-29) - - -A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. - - -- [Live-Hack-CVE/CVE-2022-1184](https://github.com/Live-Hack-CVE/CVE-2022-1184) - ### CVE-2022-1192 (2022-05-23) @@ -446,21 +519,21 @@ The Turn off all comments WordPress plugin through 1.0 does not sanitise and esc - [Mouhamedtec/CVE-2022-1192](https://github.com/Mouhamedtec/CVE-2022-1192) -### CVE-2022-1233 (2022-04-04) +### CVE-2022-1203 (2022-05-30) -URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. +The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options -- [Live-Hack-CVE/CVE-2022-1233](https://github.com/Live-Hack-CVE/CVE-2022-1233) +- [Live-Hack-CVE/CVE-2022-1203](https://github.com/Live-Hack-CVE/CVE-2022-1203) -### CVE-2022-1270 (2022-09-28) +### CVE-2022-1210 (2022-04-03) -In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. +A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. -- [Live-Hack-CVE/CVE-2022-1270](https://github.com/Live-Hack-CVE/CVE-2022-1270) +- [Live-Hack-CVE/CVE-2022-1210](https://github.com/Live-Hack-CVE/CVE-2022-1210) ### CVE-2022-1292 (2022-05-03) @@ -482,14 +555,7 @@ The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized - [AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit](https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit) - [mcdulltii/CVE-2022-1329](https://github.com/mcdulltii/CVE-2022-1329) - [Grazee/CVE-2022-1329-WordPress-Elementor-RCE](https://github.com/Grazee/CVE-2022-1329-WordPress-Elementor-RCE) - -### CVE-2022-1365 (2022-04-15) - - -Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. - - -- [Live-Hack-CVE/CVE-2022-1365](https://github.com/Live-Hack-CVE/CVE-2022-1365) +- [Live-Hack-CVE/CVE-2022-1329](https://github.com/Live-Hack-CVE/CVE-2022-1329) ### CVE-2022-1388 (2022-05-05) @@ -550,29 +616,21 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. - [Chocapikk/CVE-2022-1388](https://github.com/Chocapikk/CVE-2022-1388) - [electr0lulz/Mass-CVE-2022-1388](https://github.com/electr0lulz/Mass-CVE-2022-1388) -### CVE-2022-1578 (2022-11-21) +### CVE-2022-1391 (2022-04-25) -The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack +The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. -- [Live-Hack-CVE/CVE-2022-1578](https://github.com/Live-Hack-CVE/CVE-2022-1578) +- [Live-Hack-CVE/CVE-2022-1391](https://github.com/Live-Hack-CVE/CVE-2022-1391) -### CVE-2022-1579 (2022-11-21) +### CVE-2022-1566 (2022-05-30) -The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. +The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file -- [Live-Hack-CVE/CVE-2022-1579](https://github.com/Live-Hack-CVE/CVE-2022-1579) - -### CVE-2022-1581 (2022-11-21) - - -The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. - - -- [Live-Hack-CVE/CVE-2022-1581](https://github.com/Live-Hack-CVE/CVE-2022-1581) +- [Live-Hack-CVE/CVE-2022-1566](https://github.com/Live-Hack-CVE/CVE-2022-1566) ### CVE-2022-1597 (2022-06-06) @@ -590,83 +648,11 @@ The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy a - [V35HR4J/CVE-2022-1598](https://github.com/V35HR4J/CVE-2022-1598) -### CVE-2022-1606 (2022-11-30) - - -Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. - - -- [Live-Hack-CVE/CVE-2022-1606](https://github.com/Live-Hack-CVE/CVE-2022-1606) - ### CVE-2022-1609 - [savior-only/CVE-2022-1609](https://github.com/savior-only/CVE-2022-1609) - [NullBrunk/CVE-2022-1609](https://github.com/NullBrunk/CVE-2022-1609) - [0xSojalSec/-CVE-2022-1609](https://github.com/0xSojalSec/-CVE-2022-1609) -### CVE-2022-1619 (2022-05-08) - - -Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution - - -- [Live-Hack-CVE/CVE-2022-1619](https://github.com/Live-Hack-CVE/CVE-2022-1619) - -### CVE-2022-1621 (2022-05-09) - - -Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution - - -- [Live-Hack-CVE/CVE-2022-1621](https://github.com/Live-Hack-CVE/CVE-2022-1621) - -### CVE-2022-1623 (2022-05-11) - - -LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. - - -- [Live-Hack-CVE/CVE-2022-1623](https://github.com/Live-Hack-CVE/CVE-2022-1623) - -### CVE-2022-1664 (2022-05-26) - - -Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. - - -- [Live-Hack-CVE/CVE-2022-1664](https://github.com/Live-Hack-CVE/CVE-2022-1664) - -### CVE-2022-1674 (2022-05-12) - - -NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. - - -- [Live-Hack-CVE/CVE-2022-1674](https://github.com/Live-Hack-CVE/CVE-2022-1674) - -### CVE-2022-1679 (2022-05-16) - - -A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. - - -- [Live-Hack-CVE/CVE-2022-1679](https://github.com/Live-Hack-CVE/CVE-2022-1679) - -### CVE-2022-1785 (2022-05-19) - - -Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. - - -- [Live-Hack-CVE/CVE-2022-1785](https://github.com/Live-Hack-CVE/CVE-2022-1785) - -### CVE-2022-1897 (2022-05-27) - - -Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. - - -- [Live-Hack-CVE/CVE-2022-1897](https://github.com/Live-Hack-CVE/CVE-2022-1897) - ### CVE-2022-1903 (2022-06-27) @@ -675,21 +661,13 @@ The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (ev - [biulove0x/CVE-2022-1903](https://github.com/biulove0x/CVE-2022-1903) -### CVE-2022-1911 (2022-11-30) +### CVE-2022-1928 (2022-05-29) -Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. +Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. -- [Live-Hack-CVE/CVE-2022-1911](https://github.com/Live-Hack-CVE/CVE-2022-1911) - -### CVE-2022-1942 (2022-05-31) - - -Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. - - -- [Live-Hack-CVE/CVE-2022-1942](https://github.com/Live-Hack-CVE/CVE-2022-1942) +- [Live-Hack-CVE/CVE-2022-1928](https://github.com/Live-Hack-CVE/CVE-2022-1928) ### CVE-2022-1966 - [ASkyeye/CVE-2022-1966](https://github.com/ASkyeye/CVE-2022-1966) @@ -697,14 +675,6 @@ Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ### CVE-2022-1972 - [randorisec/CVE-2022-1972-infoleak-PoC](https://github.com/randorisec/CVE-2022-1972-infoleak-PoC) -### CVE-2022-2000 (2022-06-07) - - -Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. - - -- [Live-Hack-CVE/CVE-2022-2000](https://github.com/Live-Hack-CVE/CVE-2022-2000) - ### CVE-2022-2022 (2022-06-07) @@ -713,13 +683,21 @@ Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to - [GREENHAT7/pxplan](https://github.com/GREENHAT7/pxplan) -### CVE-2022-2129 (2022-06-19) +### CVE-2022-2042 (2022-06-10) -Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. +Use After Free in GitHub repository vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-2129](https://github.com/Live-Hack-CVE/CVE-2022-2129) +- [Live-Hack-CVE/CVE-2022-2042](https://github.com/Live-Hack-CVE/CVE-2022-2042) + +### CVE-2022-2060 (2022-06-13) + + +Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. + + +- [Live-Hack-CVE/CVE-2022-2060](https://github.com/Live-Hack-CVE/CVE-2022-2060) ### CVE-2022-2153 (2022-08-31) @@ -729,37 +707,37 @@ A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. - [Live-Hack-CVE/CVE-2022-2153](https://github.com/Live-Hack-CVE/CVE-2022-2153) -### CVE-2022-2294 (2022-07-27) +### CVE-2022-2166 (2022-11-15) -Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. +Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. -- [Live-Hack-CVE/CVE-2022-2294](https://github.com/Live-Hack-CVE/CVE-2022-2294) +- [Live-Hack-CVE/CVE-2022-2166](https://github.com/Live-Hack-CVE/CVE-2022-2166) -### CVE-2022-2311 (2022-11-28) +### CVE-2022-2188 (2022-11-07) -The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. +Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. -- [Live-Hack-CVE/CVE-2022-2311](https://github.com/Live-Hack-CVE/CVE-2022-2311) +- [Live-Hack-CVE/CVE-2022-2188](https://github.com/Live-Hack-CVE/CVE-2022-2188) -### CVE-2022-2319 (2022-09-01) +### CVE-2022-2207 (2022-06-27) -A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. +Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. -- [Live-Hack-CVE/CVE-2022-2319](https://github.com/Live-Hack-CVE/CVE-2022-2319) +- [Live-Hack-CVE/CVE-2022-2207](https://github.com/Live-Hack-CVE/CVE-2022-2207) -### CVE-2022-2320 (2022-09-01) +### CVE-2022-2214 (2022-06-27) -A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. +A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. -- [Live-Hack-CVE/CVE-2022-2320](https://github.com/Live-Hack-CVE/CVE-2022-2320) +- [Live-Hack-CVE/CVE-2022-2214](https://github.com/Live-Hack-CVE/CVE-2022-2214) ### CVE-2022-2333 (2022-09-16) @@ -769,6 +747,30 @@ If an attacker manages to trick a valid user into loading a malicious DLL, the a - [shirouQwQ/CVE-2022-2333](https://github.com/shirouQwQ/CVE-2022-2333) +### CVE-2022-2387 (2022-11-07) + + +The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack + + +- [Live-Hack-CVE/CVE-2022-2387](https://github.com/Live-Hack-CVE/CVE-2022-2387) + +### CVE-2022-2449 (2022-11-14) + + +The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. + + +- [Live-Hack-CVE/CVE-2022-2449](https://github.com/Live-Hack-CVE/CVE-2022-2449) + +### CVE-2022-2450 (2022-11-14) + + +The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. + + +- [Live-Hack-CVE/CVE-2022-2450](https://github.com/Live-Hack-CVE/CVE-2022-2450) + ### CVE-2022-2476 (2022-07-19) @@ -777,29 +779,21 @@ A null pointer dereference bug was found in wavpack-5.4.0 The results from the A - [Live-Hack-CVE/CVE-2022-2476](https://github.com/Live-Hack-CVE/CVE-2022-2476) -### CVE-2022-2553 (2022-07-28) +### CVE-2022-2526 (2022-09-09) -The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. +A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. -- [Live-Hack-CVE/CVE-2022-2553](https://github.com/Live-Hack-CVE/CVE-2022-2553) +- [Live-Hack-CVE/CVE-2022-2526](https://github.com/Live-Hack-CVE/CVE-2022-2526) -### CVE-2022-2625 (2022-08-18) +### CVE-2022-2637 (2022-10-06) -A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. +Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0. -- [Live-Hack-CVE/CVE-2022-2625](https://github.com/Live-Hack-CVE/CVE-2022-2625) - -### CVE-2022-2650 (2022-11-24) - - -Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. - - -- [Live-Hack-CVE/CVE-2022-2650](https://github.com/Live-Hack-CVE/CVE-2022-2650) +- [Live-Hack-CVE/CVE-2022-2637](https://github.com/Live-Hack-CVE/CVE-2022-2637) ### CVE-2022-2663 (2022-09-01) @@ -809,69 +803,77 @@ An issue was found in the Linux kernel in nf_conntrack_irc where the message han - [Live-Hack-CVE/CVE-2022-2663](https://github.com/Live-Hack-CVE/CVE-2022-2663) -### CVE-2022-2721 (2022-11-24) +### CVE-2022-2711 (2022-11-07) -In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. +The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. -- [Live-Hack-CVE/CVE-2022-2721](https://github.com/Live-Hack-CVE/CVE-2022-2721) +- [Live-Hack-CVE/CVE-2022-2711](https://github.com/Live-Hack-CVE/CVE-2022-2711) -### CVE-2022-2791 (2022-11-22) +### CVE-2022-2756 (2022-08-10) -Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. +Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. -- [Live-Hack-CVE/CVE-2022-2791](https://github.com/Live-Hack-CVE/CVE-2022-2791) +- [Live-Hack-CVE/CVE-2022-2756](https://github.com/Live-Hack-CVE/CVE-2022-2756) -### CVE-2022-2807 (2022-12-02) +### CVE-2022-2758 (2022-08-31) -Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. +Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic. -- [Live-Hack-CVE/CVE-2022-2807](https://github.com/Live-Hack-CVE/CVE-2022-2807) +- [Live-Hack-CVE/CVE-2022-2758](https://github.com/Live-Hack-CVE/CVE-2022-2758) -### CVE-2022-2808 (2022-12-02) +### CVE-2022-2761 (2022-11-09) -Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. +An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to. -- [Live-Hack-CVE/CVE-2022-2808](https://github.com/Live-Hack-CVE/CVE-2022-2808) +- [Live-Hack-CVE/CVE-2022-2761](https://github.com/Live-Hack-CVE/CVE-2022-2761) -### CVE-2022-2840 (2022-09-19) +### CVE-2022-2781 (2022-10-06) -The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections +In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. -- [Live-Hack-CVE/CVE-2022-2840](https://github.com/Live-Hack-CVE/CVE-2022-2840) +- [Live-Hack-CVE/CVE-2022-2781](https://github.com/Live-Hack-CVE/CVE-2022-2781) -### CVE-2022-2867 (2022-08-17) +### CVE-2022-2783 (2022-10-06) -libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. +In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token -- [Live-Hack-CVE/CVE-2022-2867](https://github.com/Live-Hack-CVE/CVE-2022-2867) +- [Live-Hack-CVE/CVE-2022-2783](https://github.com/Live-Hack-CVE/CVE-2022-2783) -### CVE-2022-2868 (2022-08-17) +### CVE-2022-2787 (2022-08-27) -libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. +Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. -- [Live-Hack-CVE/CVE-2022-2868](https://github.com/Live-Hack-CVE/CVE-2022-2868) +- [Live-Hack-CVE/CVE-2022-2787](https://github.com/Live-Hack-CVE/CVE-2022-2787) -### CVE-2022-2869 (2022-08-17) +### CVE-2022-2863 (2022-09-16) -libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. +The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack -- [Live-Hack-CVE/CVE-2022-2869](https://github.com/Live-Hack-CVE/CVE-2022-2869) +- [Live-Hack-CVE/CVE-2022-2863](https://github.com/Live-Hack-CVE/CVE-2022-2863) + +### CVE-2022-2881 (2022-09-21) + + +The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. + + +- [Live-Hack-CVE/CVE-2022-2881](https://github.com/Live-Hack-CVE/CVE-2022-2881) ### CVE-2022-2905 (2022-09-09) @@ -881,22 +883,6 @@ An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem - [Live-Hack-CVE/CVE-2022-2905](https://github.com/Live-Hack-CVE/CVE-2022-2905) -### CVE-2022-2906 (2022-09-21) - - -An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. - - -- [Live-Hack-CVE/CVE-2022-2906](https://github.com/Live-Hack-CVE/CVE-2022-2906) - -### CVE-2022-2928 (2022-10-07) - - -In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. - - -- [Live-Hack-CVE/CVE-2022-2928](https://github.com/Live-Hack-CVE/CVE-2022-2928) - ### CVE-2022-2929 (2022-10-07) @@ -905,21 +891,21 @@ In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system w - [Live-Hack-CVE/CVE-2022-2929](https://github.com/Live-Hack-CVE/CVE-2022-2929) -### CVE-2022-2975 (2022-10-06) +### CVE-2022-2986 (2022-10-06) -A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. +Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. -- [Live-Hack-CVE/CVE-2022-2975](https://github.com/Live-Hack-CVE/CVE-2022-2975) +- [Live-Hack-CVE/CVE-2022-2986](https://github.com/Live-Hack-CVE/CVE-2022-2986) -### CVE-2022-2983 (2022-11-28) +### CVE-2022-3002 (2022-10-06) -The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. +Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. -- [Live-Hack-CVE/CVE-2022-2983](https://github.com/Live-Hack-CVE/CVE-2022-2983) +- [Live-Hack-CVE/CVE-2022-3002](https://github.com/Live-Hack-CVE/CVE-2022-3002) ### CVE-2022-3028 (2022-08-31) @@ -937,29 +923,13 @@ Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any - [Live-Hack-CVE/CVE-2022-3061](https://github.com/Live-Hack-CVE/CVE-2022-3061) -### CVE-2022-3080 (2022-09-21) +### CVE-2022-3122 (2022-09-05) -By sending specific queries to the resolver, an attacker can cause named to crash. +A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3080](https://github.com/Live-Hack-CVE/CVE-2022-3080) - -### CVE-2022-3090 (2022-11-17) - - -Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. - - -- [Live-Hack-CVE/CVE-2022-3090](https://github.com/Live-Hack-CVE/CVE-2022-3090) - -### CVE-2022-3097 (2022-10-25) - - -The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. - - -- [Live-Hack-CVE/CVE-2022-3097](https://github.com/Live-Hack-CVE/CVE-2022-3097) +- [Live-Hack-CVE/CVE-2022-3122](https://github.com/Live-Hack-CVE/CVE-2022-3122) ### CVE-2022-3176 (2022-09-16) @@ -969,125 +939,69 @@ There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() a - [Live-Hack-CVE/CVE-2022-3176](https://github.com/Live-Hack-CVE/CVE-2022-3176) -### CVE-2022-3196 (2022-09-26) +### CVE-2022-3195 (2022-09-26) -Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) +Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) -- [Live-Hack-CVE/CVE-2022-3196](https://github.com/Live-Hack-CVE/CVE-2022-3196) +- [Live-Hack-CVE/CVE-2022-3195](https://github.com/Live-Hack-CVE/CVE-2022-3195) -### CVE-2022-3197 (2022-09-26) +### CVE-2022-3238 (2022-11-14) -Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) +A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. -- [Live-Hack-CVE/CVE-2022-3197](https://github.com/Live-Hack-CVE/CVE-2022-3197) +- [Live-Hack-CVE/CVE-2022-3238](https://github.com/Live-Hack-CVE/CVE-2022-3238) -### CVE-2022-3198 (2022-09-26) +### CVE-2022-3240 (2022-11-15) -Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) +The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. -- [Live-Hack-CVE/CVE-2022-3198](https://github.com/Live-Hack-CVE/CVE-2022-3198) +- [Live-Hack-CVE/CVE-2022-3240](https://github.com/Live-Hack-CVE/CVE-2022-3240) -### CVE-2022-3199 (2022-09-26) +### CVE-2022-3265 (2022-11-09) -Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) +A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. -- [Live-Hack-CVE/CVE-2022-3199](https://github.com/Live-Hack-CVE/CVE-2022-3199) +- [Live-Hack-CVE/CVE-2022-3265](https://github.com/Live-Hack-CVE/CVE-2022-3265) -### CVE-2022-3200 (2022-09-26) +### CVE-2022-3280 (2022-11-09) -Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) +An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. -- [Live-Hack-CVE/CVE-2022-3200](https://github.com/Live-Hack-CVE/CVE-2022-3200) +- [Live-Hack-CVE/CVE-2022-3280](https://github.com/Live-Hack-CVE/CVE-2022-3280) -### CVE-2022-3201 (2022-09-26) +### CVE-2022-3285 (2022-11-09) -Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) +Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab -- [Live-Hack-CVE/CVE-2022-3201](https://github.com/Live-Hack-CVE/CVE-2022-3201) +- [Live-Hack-CVE/CVE-2022-3285](https://github.com/Live-Hack-CVE/CVE-2022-3285) -### CVE-2022-3226 (2022-12-01) +### CVE-2022-3340 (2022-11-04) -An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. +XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. -- [Live-Hack-CVE/CVE-2022-3226](https://github.com/Live-Hack-CVE/CVE-2022-3226) +- [Live-Hack-CVE/CVE-2022-3340](https://github.com/Live-Hack-CVE/CVE-2022-3340) -### CVE-2022-3235 (2022-09-18) +### CVE-2022-3362 (2022-11-14) -Use After Free in GitHub repository vim/vim prior to 9.0.0490. +Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. -- [Live-Hack-CVE/CVE-2022-3235](https://github.com/Live-Hack-CVE/CVE-2022-3235) - -### CVE-2022-3256 (2022-09-22) - - -Use After Free in GitHub repository vim/vim prior to 9.0.0530. - - -- [Live-Hack-CVE/CVE-2022-3256](https://github.com/Live-Hack-CVE/CVE-2022-3256) - -### CVE-2022-3303 (2022-09-27) - - -A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition - - -- [Live-Hack-CVE/CVE-2022-3303](https://github.com/Live-Hack-CVE/CVE-2022-3303) - -### CVE-2022-3336 (2022-11-21) - - -The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack - - -- [Live-Hack-CVE/CVE-2022-3336](https://github.com/Live-Hack-CVE/CVE-2022-3336) - -### CVE-2022-3352 (2022-09-29) - - -Use After Free in GitHub repository vim/vim prior to 9.0.0614. - - -- [Live-Hack-CVE/CVE-2022-3352](https://github.com/Live-Hack-CVE/CVE-2022-3352) - -### CVE-2022-3361 (2022-11-29) - - -The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users. - - -- [Live-Hack-CVE/CVE-2022-3361](https://github.com/Live-Hack-CVE/CVE-2022-3361) - -### CVE-2022-3370 (2022-10-31) - - -Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-3370](https://github.com/Live-Hack-CVE/CVE-2022-3370) - -### CVE-2022-3373 (2022-10-31) - - -Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-3373](https://github.com/Live-Hack-CVE/CVE-2022-3373) +- [Live-Hack-CVE/CVE-2022-3362](https://github.com/Live-Hack-CVE/CVE-2022-3362) ### CVE-2022-3377 (2022-11-15) @@ -1097,37 +1011,173 @@ Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validat - [Live-Hack-CVE/CVE-2022-3377](https://github.com/Live-Hack-CVE/CVE-2022-3377) -### CVE-2022-3383 (2022-11-29) +### CVE-2022-3413 (2022-11-09) -The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server. +Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. -- [Live-Hack-CVE/CVE-2022-3383](https://github.com/Live-Hack-CVE/CVE-2022-3383) +- [Live-Hack-CVE/CVE-2022-3413](https://github.com/Live-Hack-CVE/CVE-2022-3413) -### CVE-2022-3384 (2022-11-29) +### CVE-2022-3415 (2022-11-14) -The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server. +The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message -- [Live-Hack-CVE/CVE-2022-3384](https://github.com/Live-Hack-CVE/CVE-2022-3384) +- [Live-Hack-CVE/CVE-2022-3415](https://github.com/Live-Hack-CVE/CVE-2022-3415) -### CVE-2022-3490 (2022-11-28) +### CVE-2022-3418 (2022-11-07) -The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present +The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files -- [Live-Hack-CVE/CVE-2022-3490](https://github.com/Live-Hack-CVE/CVE-2022-3490) +- [Live-Hack-CVE/CVE-2022-3418](https://github.com/Live-Hack-CVE/CVE-2022-3418) -### CVE-2022-3511 (2022-11-28) +### CVE-2022-3445 (2022-11-09) -The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector +Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) -- [Live-Hack-CVE/CVE-2022-3511](https://github.com/Live-Hack-CVE/CVE-2022-3511) +- [Live-Hack-CVE/CVE-2022-3445](https://github.com/Live-Hack-CVE/CVE-2022-3445) + +### CVE-2022-3446 (2022-11-09) + + +Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + + +- [Live-Hack-CVE/CVE-2022-3446](https://github.com/Live-Hack-CVE/CVE-2022-3446) + +### CVE-2022-3447 (2022-11-09) + + +Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) + + +- [Live-Hack-CVE/CVE-2022-3447](https://github.com/Live-Hack-CVE/CVE-2022-3447) + +### CVE-2022-3448 (2022-11-09) + + +Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + + +- [Live-Hack-CVE/CVE-2022-3448](https://github.com/Live-Hack-CVE/CVE-2022-3448) + +### CVE-2022-3449 (2022-11-09) + + +Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) + + +- [Live-Hack-CVE/CVE-2022-3449](https://github.com/Live-Hack-CVE/CVE-2022-3449) + +### CVE-2022-3450 (2022-11-09) + + +Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + + +- [Live-Hack-CVE/CVE-2022-3450](https://github.com/Live-Hack-CVE/CVE-2022-3450) + +### CVE-2022-3451 (2022-11-07) + + +The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options + + +- [Live-Hack-CVE/CVE-2022-3451](https://github.com/Live-Hack-CVE/CVE-2022-3451) + +### CVE-2022-3461 (2022-11-15) + + +In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. + + +- [Live-Hack-CVE/CVE-2022-3461](https://github.com/Live-Hack-CVE/CVE-2022-3461) + +### CVE-2022-3462 (2022-11-07) + + +The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + + +- [Live-Hack-CVE/CVE-2022-3462](https://github.com/Live-Hack-CVE/CVE-2022-3462) + +### CVE-2022-3463 (2022-11-07) + + +The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection + + +- [Live-Hack-CVE/CVE-2022-3463](https://github.com/Live-Hack-CVE/CVE-2022-3463) + +### CVE-2022-3469 (2022-11-14) + + +The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). + + +- [Live-Hack-CVE/CVE-2022-3469](https://github.com/Live-Hack-CVE/CVE-2022-3469) + +### CVE-2022-3477 (2022-11-14) + + +The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address + + +- [Live-Hack-CVE/CVE-2022-3477](https://github.com/Live-Hack-CVE/CVE-2022-3477) + +### CVE-2022-3480 (2022-11-15) + + +A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue. + + +- [Live-Hack-CVE/CVE-2022-3480](https://github.com/Live-Hack-CVE/CVE-2022-3480) + +### CVE-2022-3483 (2022-11-09) + + +An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. + + +- [Live-Hack-CVE/CVE-2022-3483](https://github.com/Live-Hack-CVE/CVE-2022-3483) + +### CVE-2022-3484 (2022-11-14) + + +The WPB Show Core WordPress plugin through TODO does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting + + +- [Live-Hack-CVE/CVE-2022-3484](https://github.com/Live-Hack-CVE/CVE-2022-3484) + +### CVE-2022-3486 (2022-11-09) + + +An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. + + +- [Live-Hack-CVE/CVE-2022-3486](https://github.com/Live-Hack-CVE/CVE-2022-3486) + +### CVE-2022-3489 (2022-11-07) + + +The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request + + +- [Live-Hack-CVE/CVE-2022-3489](https://github.com/Live-Hack-CVE/CVE-2022-3489) + +### CVE-2022-3494 (2022-11-07) + + +The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. + + +- [Live-Hack-CVE/CVE-2022-3494](https://github.com/Live-Hack-CVE/CVE-2022-3494) ### CVE-2022-3516 (2022-11-19) @@ -1145,21 +1195,61 @@ Deserialization of Untrusted Data in GitHub repository librenms/librenms prior t - [Live-Hack-CVE/CVE-2022-3525](https://github.com/Live-Hack-CVE/CVE-2022-3525) -### CVE-2022-3550 (2022-10-17) +### CVE-2022-3536 (2022-11-07) -A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. +The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog -- [Live-Hack-CVE/CVE-2022-3550](https://github.com/Live-Hack-CVE/CVE-2022-3550) +- [Live-Hack-CVE/CVE-2022-3536](https://github.com/Live-Hack-CVE/CVE-2022-3536) -### CVE-2022-3551 (2022-10-17) +### CVE-2022-3537 (2022-11-07) -A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. +The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP -- [Live-Hack-CVE/CVE-2022-3551](https://github.com/Live-Hack-CVE/CVE-2022-3551) +- [Live-Hack-CVE/CVE-2022-3537](https://github.com/Live-Hack-CVE/CVE-2022-3537) + +### CVE-2022-3538 (2022-11-14) + + +The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins + + +- [Live-Hack-CVE/CVE-2022-3538](https://github.com/Live-Hack-CVE/CVE-2022-3538) + +### CVE-2022-3539 (2022-11-14) + + +The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. + + +- [Live-Hack-CVE/CVE-2022-3539](https://github.com/Live-Hack-CVE/CVE-2022-3539) + +### CVE-2022-3553 (2022-10-17) + + +A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. + + +- [Live-Hack-CVE/CVE-2022-3553](https://github.com/Live-Hack-CVE/CVE-2022-3553) + +### CVE-2022-3558 (2022-11-07) + + +The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. + + +- [Live-Hack-CVE/CVE-2022-3558](https://github.com/Live-Hack-CVE/CVE-2022-3558) + +### CVE-2022-3559 (2022-10-17) + + +A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. + + +- [Live-Hack-CVE/CVE-2022-3559](https://github.com/Live-Hack-CVE/CVE-2022-3559) ### CVE-2022-3561 (2022-11-19) @@ -1185,525 +1275,541 @@ Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version - [Live-Hack-CVE/CVE-2022-3570](https://github.com/Live-Hack-CVE/CVE-2022-3570) -### CVE-2022-3589 (2022-11-21) +### CVE-2022-3574 (2022-11-14) -An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability. +The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. -- [Live-Hack-CVE/CVE-2022-3589](https://github.com/Live-Hack-CVE/CVE-2022-3589) +- [Live-Hack-CVE/CVE-2022-3574](https://github.com/Live-Hack-CVE/CVE-2022-3574) -### CVE-2022-3591 (2022-12-02) +### CVE-2022-3578 (2022-11-14) -Use After Free in GitHub repository vim/vim prior to 9.0.0789. +The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting -- [Live-Hack-CVE/CVE-2022-3591](https://github.com/Live-Hack-CVE/CVE-2022-3591) +- [Live-Hack-CVE/CVE-2022-3578](https://github.com/Live-Hack-CVE/CVE-2022-3578) -### CVE-2022-3600 (2022-11-21) +### CVE-2022-3620 (2022-10-20) -The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. +A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919. -- [Live-Hack-CVE/CVE-2022-3600](https://github.com/Live-Hack-CVE/CVE-2022-3600) +- [Live-Hack-CVE/CVE-2022-3620](https://github.com/Live-Hack-CVE/CVE-2022-3620) -### CVE-2022-3601 (2022-11-28) +### CVE-2022-3631 (2022-11-14) -The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). -- [Live-Hack-CVE/CVE-2022-3601](https://github.com/Live-Hack-CVE/CVE-2022-3601) +- [Live-Hack-CVE/CVE-2022-3631](https://github.com/Live-Hack-CVE/CVE-2022-3631) -### CVE-2022-3603 (2022-11-28) +### CVE-2022-3632 (2022-11-14) -The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. +The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. -- [Live-Hack-CVE/CVE-2022-3603](https://github.com/Live-Hack-CVE/CVE-2022-3603) +- [Live-Hack-CVE/CVE-2022-3632](https://github.com/Live-Hack-CVE/CVE-2022-3632) -### CVE-2022-3610 (2022-11-28) +### CVE-2022-3703 (2022-11-10) -The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) +All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. -- [Live-Hack-CVE/CVE-2022-3610](https://github.com/Live-Hack-CVE/CVE-2022-3610) +- [Live-Hack-CVE/CVE-2022-3703](https://github.com/Live-Hack-CVE/CVE-2022-3703) -### CVE-2022-3618 (2022-11-21) +### CVE-2022-3706 (2022-11-09) -The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). +Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. -- [Live-Hack-CVE/CVE-2022-3618](https://github.com/Live-Hack-CVE/CVE-2022-3618) +- [Live-Hack-CVE/CVE-2022-3706](https://github.com/Live-Hack-CVE/CVE-2022-3706) -### CVE-2022-3633 (2022-10-21) +### CVE-2022-3726 (2022-11-09) -A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. +Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account. -- [Live-Hack-CVE/CVE-2022-3633](https://github.com/Live-Hack-CVE/CVE-2022-3633) +- [Live-Hack-CVE/CVE-2022-3726](https://github.com/Live-Hack-CVE/CVE-2022-3726) -### CVE-2022-3634 (2022-11-21) +### CVE-2022-3737 (2022-11-15) -The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection +In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. -- [Live-Hack-CVE/CVE-2022-3634](https://github.com/Live-Hack-CVE/CVE-2022-3634) +- [Live-Hack-CVE/CVE-2022-3737](https://github.com/Live-Hack-CVE/CVE-2022-3737) -### CVE-2022-3635 (2022-10-21) +### CVE-2022-3793 (2022-11-09) -A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. +An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. -- [Live-Hack-CVE/CVE-2022-3635](https://github.com/Live-Hack-CVE/CVE-2022-3635) +- [Live-Hack-CVE/CVE-2022-3793](https://github.com/Live-Hack-CVE/CVE-2022-3793) -### CVE-2022-3647 (2022-10-21) +### CVE-2022-3818 (2022-11-09) -** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred. +An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. -- [Live-Hack-CVE/CVE-2022-3647](https://github.com/Live-Hack-CVE/CVE-2022-3647) +- [Live-Hack-CVE/CVE-2022-3818](https://github.com/Live-Hack-CVE/CVE-2022-3818) -### CVE-2022-3688 (2022-11-21) +### CVE-2022-3819 (2022-11-09) -The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks +An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. -- [Live-Hack-CVE/CVE-2022-3688](https://github.com/Live-Hack-CVE/CVE-2022-3688) +- [Live-Hack-CVE/CVE-2022-3819](https://github.com/Live-Hack-CVE/CVE-2022-3819) -### CVE-2022-3689 (2022-11-28) +### CVE-2022-3866 (2022-11-10) -The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users +HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. -- [Live-Hack-CVE/CVE-2022-3689](https://github.com/Live-Hack-CVE/CVE-2022-3689) +- [Live-Hack-CVE/CVE-2022-3866](https://github.com/Live-Hack-CVE/CVE-2022-3866) -### CVE-2022-3696 (2022-12-01) +### CVE-2022-3867 (2022-11-10) -A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. +HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. -- [Live-Hack-CVE/CVE-2022-3696](https://github.com/Live-Hack-CVE/CVE-2022-3696) +- [Live-Hack-CVE/CVE-2022-3867](https://github.com/Live-Hack-CVE/CVE-2022-3867) -### CVE-2022-3710 (2022-12-01) +### CVE-2022-3868 (2022-11-05) -A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. +A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. -- [Live-Hack-CVE/CVE-2022-3710](https://github.com/Live-Hack-CVE/CVE-2022-3710) +- [Live-Hack-CVE/CVE-2022-3868](https://github.com/Live-Hack-CVE/CVE-2022-3868) -### CVE-2022-3713 (2022-12-01) +### CVE-2022-3869 (2022-11-05) -A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. +Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. -- [Live-Hack-CVE/CVE-2022-3713](https://github.com/Live-Hack-CVE/CVE-2022-3713) +- [Live-Hack-CVE/CVE-2022-3869](https://github.com/Live-Hack-CVE/CVE-2022-3869) -### CVE-2022-3720 (2022-11-21) +### CVE-2022-3873 (2022-11-07) -The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users +Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. -- [Live-Hack-CVE/CVE-2022-3720](https://github.com/Live-Hack-CVE/CVE-2022-3720) +- [Live-Hack-CVE/CVE-2022-3873](https://github.com/Live-Hack-CVE/CVE-2022-3873) -### CVE-2022-3725 (2022-10-27) +### CVE-2022-3878 (2022-11-07) -Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file +A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. -- [Live-Hack-CVE/CVE-2022-3725](https://github.com/Live-Hack-CVE/CVE-2022-3725) +- [Live-Hack-CVE/CVE-2022-3878](https://github.com/Live-Hack-CVE/CVE-2022-3878) -### CVE-2022-3734 (2022-10-28) +### CVE-2022-3893 (2022-11-15) -** DISPUTED ** A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. +Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. -- [Live-Hack-CVE/CVE-2022-3734](https://github.com/Live-Hack-CVE/CVE-2022-3734) +- [Live-Hack-CVE/CVE-2022-3893](https://github.com/Live-Hack-CVE/CVE-2022-3893) -### CVE-2022-3747 (2022-11-29) +### CVE-2022-3895 (2022-11-15) -The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. +Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). -- [Live-Hack-CVE/CVE-2022-3747](https://github.com/Live-Hack-CVE/CVE-2022-3747) +- [Live-Hack-CVE/CVE-2022-3895](https://github.com/Live-Hack-CVE/CVE-2022-3895) -### CVE-2022-3750 (2022-11-21) +### CVE-2022-3903 (2022-11-14) -The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. +An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. -- [Live-Hack-CVE/CVE-2022-3750](https://github.com/Live-Hack-CVE/CVE-2022-3750) +- [Live-Hack-CVE/CVE-2022-3903](https://github.com/Live-Hack-CVE/CVE-2022-3903) -### CVE-2022-3751 (2022-11-29) +### CVE-2022-3920 (2022-11-15) -SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. +HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. -- [Live-Hack-CVE/CVE-2022-3751](https://github.com/Live-Hack-CVE/CVE-2022-3751) +- [Live-Hack-CVE/CVE-2022-3920](https://github.com/Live-Hack-CVE/CVE-2022-3920) -### CVE-2022-3753 (2022-11-21) +### CVE-2022-3939 (2022-11-11) -The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). +A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3753](https://github.com/Live-Hack-CVE/CVE-2022-3753) +- [Live-Hack-CVE/CVE-2022-3939](https://github.com/Live-Hack-CVE/CVE-2022-3939) -### CVE-2022-3762 (2022-11-21) +### CVE-2022-3940 (2022-11-11) -The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite) +A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. -- [Live-Hack-CVE/CVE-2022-3762](https://github.com/Live-Hack-CVE/CVE-2022-3762) +- [Live-Hack-CVE/CVE-2022-3940](https://github.com/Live-Hack-CVE/CVE-2022-3940) -### CVE-2022-3763 (2022-11-21) +### CVE-2022-3941 (2022-11-11) -The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack +A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. -- [Live-Hack-CVE/CVE-2022-3763](https://github.com/Live-Hack-CVE/CVE-2022-3763) +- [Live-Hack-CVE/CVE-2022-3941](https://github.com/Live-Hack-CVE/CVE-2022-3941) -### CVE-2022-3768 (2022-11-28) +### CVE-2022-3942 (2022-11-11) -The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author +A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3768](https://github.com/Live-Hack-CVE/CVE-2022-3768) +- [Live-Hack-CVE/CVE-2022-3942](https://github.com/Live-Hack-CVE/CVE-2022-3942) -### CVE-2022-3769 (2022-11-28) +### CVE-2022-3943 (2022-11-11) -The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor +A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3769](https://github.com/Live-Hack-CVE/CVE-2022-3769) +- [Live-Hack-CVE/CVE-2022-3943](https://github.com/Live-Hack-CVE/CVE-2022-3943) -### CVE-2022-3821 (2022-11-08) +### CVE-2022-3944 (2022-11-11) -An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. +A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. -- [Live-Hack-CVE/CVE-2022-3821](https://github.com/Live-Hack-CVE/CVE-2022-3821) +- [Live-Hack-CVE/CVE-2022-3944](https://github.com/Live-Hack-CVE/CVE-2022-3944) -### CVE-2022-3822 (2022-11-28) +### CVE-2022-3945 (2022-11-11) -The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. -- [Live-Hack-CVE/CVE-2022-3822](https://github.com/Live-Hack-CVE/CVE-2022-3822) +- [Live-Hack-CVE/CVE-2022-3945](https://github.com/Live-Hack-CVE/CVE-2022-3945) -### CVE-2022-3823 (2022-11-28) +### CVE-2022-3947 (2022-11-11) -The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3823](https://github.com/Live-Hack-CVE/CVE-2022-3823) +- [Live-Hack-CVE/CVE-2022-3947](https://github.com/Live-Hack-CVE/CVE-2022-3947) -### CVE-2022-3824 (2022-11-28) +### CVE-2022-3948 (2022-11-11) -The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3824](https://github.com/Live-Hack-CVE/CVE-2022-3824) +- [Live-Hack-CVE/CVE-2022-3948](https://github.com/Live-Hack-CVE/CVE-2022-3948) -### CVE-2022-3828 (2022-11-28) +### CVE-2022-3949 (2022-11-11) -The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. -- [Live-Hack-CVE/CVE-2022-3828](https://github.com/Live-Hack-CVE/CVE-2022-3828) +- [Live-Hack-CVE/CVE-2022-3949](https://github.com/Live-Hack-CVE/CVE-2022-3949) -### CVE-2022-3831 (2022-11-28) +### CVE-2022-3950 (2022-11-11) -The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. -- [Live-Hack-CVE/CVE-2022-3831](https://github.com/Live-Hack-CVE/CVE-2022-3831) +- [Live-Hack-CVE/CVE-2022-3950](https://github.com/Live-Hack-CVE/CVE-2022-3950) -### CVE-2022-3833 (2022-11-28) +### CVE-2022-3952 (2022-11-11) -The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3833](https://github.com/Live-Hack-CVE/CVE-2022-3833) +- [Live-Hack-CVE/CVE-2022-3952](https://github.com/Live-Hack-CVE/CVE-2022-3952) -### CVE-2022-3834 (2022-11-28) +### CVE-2022-3955 (2022-11-11) -The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3834](https://github.com/Live-Hack-CVE/CVE-2022-3834) +- [Live-Hack-CVE/CVE-2022-3955](https://github.com/Live-Hack-CVE/CVE-2022-3955) -### CVE-2022-3839 (2022-11-28) +### CVE-2022-3956 (2022-11-11) -The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). +A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3839](https://github.com/Live-Hack-CVE/CVE-2022-3839) +- [Live-Hack-CVE/CVE-2022-3956](https://github.com/Live-Hack-CVE/CVE-2022-3956) -### CVE-2022-3847 (2022-11-28) +### CVE-2022-3957 (2022-11-11) -The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack +A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. -- [Live-Hack-CVE/CVE-2022-3847](https://github.com/Live-Hack-CVE/CVE-2022-3847) +- [Live-Hack-CVE/CVE-2022-3957](https://github.com/Live-Hack-CVE/CVE-2022-3957) -### CVE-2022-3848 (2022-11-28) +### CVE-2022-3958 (2022-11-15) -The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin +Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. -- [Live-Hack-CVE/CVE-2022-3848](https://github.com/Live-Hack-CVE/CVE-2022-3848) +- [Live-Hack-CVE/CVE-2022-3958](https://github.com/Live-Hack-CVE/CVE-2022-3958) -### CVE-2022-3849 (2022-11-28) +### CVE-2022-3959 (2022-11-11) -The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin +A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. -- [Live-Hack-CVE/CVE-2022-3849](https://github.com/Live-Hack-CVE/CVE-2022-3849) +- [Live-Hack-CVE/CVE-2022-3959](https://github.com/Live-Hack-CVE/CVE-2022-3959) -### CVE-2022-3850 (2022-11-28) +### CVE-2022-3963 (2022-11-12) -The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack +A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. -- [Live-Hack-CVE/CVE-2022-3850](https://github.com/Live-Hack-CVE/CVE-2022-3850) +- [Live-Hack-CVE/CVE-2022-3963](https://github.com/Live-Hack-CVE/CVE-2022-3963) -### CVE-2022-3859 (2022-11-30) +### CVE-2022-3964 (2022-11-13) -An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. +A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. -- [Live-Hack-CVE/CVE-2022-3859](https://github.com/Live-Hack-CVE/CVE-2022-3859) +- [Live-Hack-CVE/CVE-2022-3964](https://github.com/Live-Hack-CVE/CVE-2022-3964) -### CVE-2022-3861 (2022-11-21) +### CVE-2022-3965 (2022-11-13) -The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.. +A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. -- [Live-Hack-CVE/CVE-2022-3861](https://github.com/Live-Hack-CVE/CVE-2022-3861) +- [Live-Hack-CVE/CVE-2022-3965](https://github.com/Live-Hack-CVE/CVE-2022-3965) -### CVE-2022-3865 (2022-11-28) +### CVE-2022-3966 (2022-11-13) -The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin +A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3865](https://github.com/Live-Hack-CVE/CVE-2022-3865) +- [Live-Hack-CVE/CVE-2022-3966](https://github.com/Live-Hack-CVE/CVE-2022-3966) -### CVE-2022-3896 (2022-11-29) +### CVE-2022-3967 (2022-11-13) -The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers. +A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3896](https://github.com/Live-Hack-CVE/CVE-2022-3896) +- [Live-Hack-CVE/CVE-2022-3967](https://github.com/Live-Hack-CVE/CVE-2022-3967) -### CVE-2022-3897 (2022-11-29) +### CVE-2022-3968 (2022-11-13) -The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. +A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. -- [Live-Hack-CVE/CVE-2022-3897](https://github.com/Live-Hack-CVE/CVE-2022-3897) +- [Live-Hack-CVE/CVE-2022-3968](https://github.com/Live-Hack-CVE/CVE-2022-3968) -### CVE-2022-3898 (2022-11-29) +### CVE-2022-3969 (2022-11-13) -The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. +A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. -- [Live-Hack-CVE/CVE-2022-3898](https://github.com/Live-Hack-CVE/CVE-2022-3898) +- [Live-Hack-CVE/CVE-2022-3969](https://github.com/Live-Hack-CVE/CVE-2022-3969) -### CVE-2022-3910 (2022-11-22) +### CVE-2022-3971 (2022-11-13) -Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 +A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3910](https://github.com/Live-Hack-CVE/CVE-2022-3910) +- [Live-Hack-CVE/CVE-2022-3971](https://github.com/Live-Hack-CVE/CVE-2022-3971) -### CVE-2022-3991 (2022-11-29) +### CVE-2022-3972 (2022-11-13) -The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. +A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551. -- [Live-Hack-CVE/CVE-2022-3991](https://github.com/Live-Hack-CVE/CVE-2022-3991) +- [Live-Hack-CVE/CVE-2022-3972](https://github.com/Live-Hack-CVE/CVE-2022-3972) -### CVE-2022-3995 (2022-11-29) +### CVE-2022-3973 (2022-11-13) -The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. +A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552. -- [Live-Hack-CVE/CVE-2022-3995](https://github.com/Live-Hack-CVE/CVE-2022-3995) +- [Live-Hack-CVE/CVE-2022-3973](https://github.com/Live-Hack-CVE/CVE-2022-3973) -### CVE-2022-3997 (2022-11-15) +### CVE-2022-3974 (2022-11-13) -A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. +A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3997](https://github.com/Live-Hack-CVE/CVE-2022-3997) +- [Live-Hack-CVE/CVE-2022-3974](https://github.com/Live-Hack-CVE/CVE-2022-3974) -### CVE-2022-3998 (2022-11-15) +### CVE-2022-3975 (2022-11-13) -A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. +A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-3998](https://github.com/Live-Hack-CVE/CVE-2022-3998) +- [Live-Hack-CVE/CVE-2022-3975](https://github.com/Live-Hack-CVE/CVE-2022-3975) -### CVE-2022-4019 (2022-11-23) +### CVE-2022-3976 (2022-11-13) -A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. +A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. -- [Live-Hack-CVE/CVE-2022-4019](https://github.com/Live-Hack-CVE/CVE-2022-4019) +- [Live-Hack-CVE/CVE-2022-3976](https://github.com/Live-Hack-CVE/CVE-2022-3976) -### CVE-2022-4020 (2022-11-28) +### CVE-2022-3978 (2022-11-13) -Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. +A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. -- [Live-Hack-CVE/CVE-2022-4020](https://github.com/Live-Hack-CVE/CVE-2022-4020) +- [Live-Hack-CVE/CVE-2022-3978](https://github.com/Live-Hack-CVE/CVE-2022-3978) -### CVE-2022-4027 (2022-11-29) +### CVE-2022-3979 (2022-11-13) -The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page. +A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to version 1.9.34 is able to address this issue. The name of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4027](https://github.com/Live-Hack-CVE/CVE-2022-4027) +- [Live-Hack-CVE/CVE-2022-3979](https://github.com/Live-Hack-CVE/CVE-2022-3979) -### CVE-2022-4028 (2022-11-29) +### CVE-2022-3980 (2022-11-16) -The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page. +An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. -- [Live-Hack-CVE/CVE-2022-4028](https://github.com/Live-Hack-CVE/CVE-2022-4028) +- [Live-Hack-CVE/CVE-2022-3980](https://github.com/Live-Hack-CVE/CVE-2022-3980) -### CVE-2022-4029 (2022-11-29) +### CVE-2022-3988 (2022-11-14) -The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie a cookie for the targeted user. +A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560. -- [Live-Hack-CVE/CVE-2022-4029](https://github.com/Live-Hack-CVE/CVE-2022-4029) +- [Live-Hack-CVE/CVE-2022-3988](https://github.com/Live-Hack-CVE/CVE-2022-3988) -### CVE-2022-4030 (2022-11-29) +### CVE-2022-3992 (2022-11-14) -The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution. +A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. -- [Live-Hack-CVE/CVE-2022-4030](https://github.com/Live-Hack-CVE/CVE-2022-4030) +- [Live-Hack-CVE/CVE-2022-3992](https://github.com/Live-Hack-CVE/CVE-2022-3992) -### CVE-2022-4031 (2022-11-29) +### CVE-2022-3993 (2022-11-14) -The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin. +Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. -- [Live-Hack-CVE/CVE-2022-4031](https://github.com/Live-Hack-CVE/CVE-2022-4031) +- [Live-Hack-CVE/CVE-2022-3993](https://github.com/Live-Hack-CVE/CVE-2022-3993) -### CVE-2022-4032 (2022-11-29) +### CVE-2022-4006 (2022-11-15) -The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page. +A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716. -- [Live-Hack-CVE/CVE-2022-4032](https://github.com/Live-Hack-CVE/CVE-2022-4032) +- [Live-Hack-CVE/CVE-2022-4006](https://github.com/Live-Hack-CVE/CVE-2022-4006) -### CVE-2022-4033 (2022-11-29) +### CVE-2022-4011 (2022-11-16) -The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type. +A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4033](https://github.com/Live-Hack-CVE/CVE-2022-4033) +- [Live-Hack-CVE/CVE-2022-4011](https://github.com/Live-Hack-CVE/CVE-2022-4011) -### CVE-2022-4034 (2022-11-29) +### CVE-2022-4012 (2022-11-16) -The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. +A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4034](https://github.com/Live-Hack-CVE/CVE-2022-4034) +- [Live-Hack-CVE/CVE-2022-4012](https://github.com/Live-Hack-CVE/CVE-2022-4012) -### CVE-2022-4035 (2022-11-29) +### CVE-2022-4013 (2022-11-16) -The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page. +A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. -- [Live-Hack-CVE/CVE-2022-4035](https://github.com/Live-Hack-CVE/CVE-2022-4035) +- [Live-Hack-CVE/CVE-2022-4013](https://github.com/Live-Hack-CVE/CVE-2022-4013) -### CVE-2022-4036 (2022-11-29) +### CVE-2022-4014 (2022-11-16) -The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. +A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. -- [Live-Hack-CVE/CVE-2022-4036](https://github.com/Live-Hack-CVE/CVE-2022-4036) +- [Live-Hack-CVE/CVE-2022-4014](https://github.com/Live-Hack-CVE/CVE-2022-4014) -### CVE-2022-4044 (2022-11-23) +### CVE-2022-4015 (2022-11-16) -A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. +A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4044](https://github.com/Live-Hack-CVE/CVE-2022-4044) +- [Live-Hack-CVE/CVE-2022-4015](https://github.com/Live-Hack-CVE/CVE-2022-4015) -### CVE-2022-4045 (2022-11-23) +### CVE-2022-4018 (2022-11-16) -A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. +Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. -- [Live-Hack-CVE/CVE-2022-4045](https://github.com/Live-Hack-CVE/CVE-2022-4045) +- [Live-Hack-CVE/CVE-2022-4018](https://github.com/Live-Hack-CVE/CVE-2022-4018) + +### CVE-2022-4021 (2022-11-16) + + +The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. + + +- [Live-Hack-CVE/CVE-2022-4021](https://github.com/Live-Hack-CVE/CVE-2022-4021) + +### CVE-2022-4022 (2022-11-16) + + +The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. + + +- [Live-Hack-CVE/CVE-2022-4022](https://github.com/Live-Hack-CVE/CVE-2022-4022) ### CVE-2022-4051 (2022-11-17) @@ -1713,37 +1819,21 @@ A vulnerability has been found in Hostel Searching Project and classified as cri - [Live-Hack-CVE/CVE-2022-4051](https://github.com/Live-Hack-CVE/CVE-2022-4051) -### CVE-2022-4055 (2022-11-18) +### CVE-2022-4052 (2022-11-17) -When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. +A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4055](https://github.com/Live-Hack-CVE/CVE-2022-4055) +- [Live-Hack-CVE/CVE-2022-4052](https://github.com/Live-Hack-CVE/CVE-2022-4052) -### CVE-2022-4064 (2022-11-19) +### CVE-2022-4053 (2022-11-17) -A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. +A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. -- [Live-Hack-CVE/CVE-2022-4064](https://github.com/Live-Hack-CVE/CVE-2022-4064) - -### CVE-2022-4065 (2022-11-19) - - -A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. - - -- [Live-Hack-CVE/CVE-2022-4065](https://github.com/Live-Hack-CVE/CVE-2022-4065) - -### CVE-2022-4066 (2022-11-19) - - -A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028. - - -- [Live-Hack-CVE/CVE-2022-4066](https://github.com/Live-Hack-CVE/CVE-2022-4066) +- [Live-Hack-CVE/CVE-2022-4053](https://github.com/Live-Hack-CVE/CVE-2022-4053) ### CVE-2022-4067 (2022-11-19) @@ -1753,14 +1843,6 @@ Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior - [Live-Hack-CVE/CVE-2022-4067](https://github.com/Live-Hack-CVE/CVE-2022-4067) -### CVE-2022-4068 (2022-11-19) - - -A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account. - - -- [Live-Hack-CVE/CVE-2022-4068](https://github.com/Live-Hack-CVE/CVE-2022-4068) - ### CVE-2022-4069 (2022-11-19) @@ -1777,574 +1859,6 @@ Insufficient Session Expiration in GitHub repository librenms/librenms prior to - [Live-Hack-CVE/CVE-2022-4070](https://github.com/Live-Hack-CVE/CVE-2022-4070) -### CVE-2022-4087 (2022-11-21) - - -A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4087](https://github.com/Live-Hack-CVE/CVE-2022-4087) - -### CVE-2022-4088 (2022-11-24) - - -A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4088](https://github.com/Live-Hack-CVE/CVE-2022-4088) - -### CVE-2022-4089 (2022-11-24) - - -A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. - - -- [Live-Hack-CVE/CVE-2022-4089](https://github.com/Live-Hack-CVE/CVE-2022-4089) - -### CVE-2022-4090 (2022-11-24) - - -A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. - - -- [Live-Hack-CVE/CVE-2022-4090](https://github.com/Live-Hack-CVE/CVE-2022-4090) - -### CVE-2022-4091 (2022-11-25) - - -A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. - - -- [Live-Hack-CVE/CVE-2022-4091](https://github.com/Live-Hack-CVE/CVE-2022-4091) - -### CVE-2022-4093 (2022-11-20) - - -SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected - - -- [Live-Hack-CVE/CVE-2022-4093](https://github.com/Live-Hack-CVE/CVE-2022-4093) - -### CVE-2022-4096 (2022-11-21) - - -Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. - - -- [Live-Hack-CVE/CVE-2022-4096](https://github.com/Live-Hack-CVE/CVE-2022-4096) - -### CVE-2022-4104 (2022-11-28) - - -A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. - - -- [Live-Hack-CVE/CVE-2022-4104](https://github.com/Live-Hack-CVE/CVE-2022-4104) - -### CVE-2022-4105 (2022-11-21) - - -A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. - - -- [Live-Hack-CVE/CVE-2022-4105](https://github.com/Live-Hack-CVE/CVE-2022-4105) - -### CVE-2022-4111 (2022-11-21) - - -Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. - - -- [Live-Hack-CVE/CVE-2022-4111](https://github.com/Live-Hack-CVE/CVE-2022-4111) - -### CVE-2022-4116 (2022-11-22) - - -A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. - - -- [Live-Hack-CVE/CVE-2022-4116](https://github.com/Live-Hack-CVE/CVE-2022-4116) - -### CVE-2022-4127 (2022-11-28) - - -A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. - - -- [Live-Hack-CVE/CVE-2022-4127](https://github.com/Live-Hack-CVE/CVE-2022-4127) - -### CVE-2022-4128 (2022-11-28) - - -A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service. - - -- [Live-Hack-CVE/CVE-2022-4128](https://github.com/Live-Hack-CVE/CVE-2022-4128) - -### CVE-2022-4129 (2022-11-28) - - -A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. - - -- [Live-Hack-CVE/CVE-2022-4129](https://github.com/Live-Hack-CVE/CVE-2022-4129) - -### CVE-2022-4135 (2022-11-24) - - -Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4135](https://github.com/Live-Hack-CVE/CVE-2022-4135) - -### CVE-2022-4136 (2022-11-24) - - -Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. - - -- [Live-Hack-CVE/CVE-2022-4136](https://github.com/Live-Hack-CVE/CVE-2022-4136) - -### CVE-2022-4169 (2022-11-28) - - -The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings. - - -- [Live-Hack-CVE/CVE-2022-4169](https://github.com/Live-Hack-CVE/CVE-2022-4169) - -### CVE-2022-4174 (2022-11-29) - - -Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4174](https://github.com/Live-Hack-CVE/CVE-2022-4174) - -### CVE-2022-4175 (2022-11-29) - - -Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4175](https://github.com/Live-Hack-CVE/CVE-2022-4175) - -### CVE-2022-4176 (2022-11-29) - - -Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4176](https://github.com/Live-Hack-CVE/CVE-2022-4176) - -### CVE-2022-4177 (2022-11-29) - - -Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4177](https://github.com/Live-Hack-CVE/CVE-2022-4177) - -### CVE-2022-4178 (2022-11-29) - - -Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4178](https://github.com/Live-Hack-CVE/CVE-2022-4178) - -### CVE-2022-4179 (2022-11-29) - - -Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4179](https://github.com/Live-Hack-CVE/CVE-2022-4179) - -### CVE-2022-4180 (2022-11-29) - - -Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4180](https://github.com/Live-Hack-CVE/CVE-2022-4180) - -### CVE-2022-4181 (2022-11-29) - - -Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4181](https://github.com/Live-Hack-CVE/CVE-2022-4181) - -### CVE-2022-4182 (2022-11-29) - - -Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4182](https://github.com/Live-Hack-CVE/CVE-2022-4182) - -### CVE-2022-4183 (2022-11-29) - - -Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4183](https://github.com/Live-Hack-CVE/CVE-2022-4183) - -### CVE-2022-4184 (2022-11-29) - - -Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4184](https://github.com/Live-Hack-CVE/CVE-2022-4184) - -### CVE-2022-4185 (2022-11-29) - - -Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4185](https://github.com/Live-Hack-CVE/CVE-2022-4185) - -### CVE-2022-4186 (2022-11-29) - - -Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4186](https://github.com/Live-Hack-CVE/CVE-2022-4186) - -### CVE-2022-4187 (2022-11-29) - - -Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4187](https://github.com/Live-Hack-CVE/CVE-2022-4187) - -### CVE-2022-4188 (2022-11-29) - - -Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4188](https://github.com/Live-Hack-CVE/CVE-2022-4188) - -### CVE-2022-4189 (2022-11-29) - - -Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4189](https://github.com/Live-Hack-CVE/CVE-2022-4189) - -### CVE-2022-4190 (2022-11-29) - - -Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4190](https://github.com/Live-Hack-CVE/CVE-2022-4190) - -### CVE-2022-4191 (2022-11-29) - - -Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4191](https://github.com/Live-Hack-CVE/CVE-2022-4191) - -### CVE-2022-4192 (2022-11-29) - - -Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4192](https://github.com/Live-Hack-CVE/CVE-2022-4192) - -### CVE-2022-4193 (2022-11-29) - - -Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4193](https://github.com/Live-Hack-CVE/CVE-2022-4193) - -### CVE-2022-4194 (2022-11-29) - - -Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4194](https://github.com/Live-Hack-CVE/CVE-2022-4194) - -### CVE-2022-4195 (2022-11-29) - - -Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) - - -- [Live-Hack-CVE/CVE-2022-4195](https://github.com/Live-Hack-CVE/CVE-2022-4195) - -### CVE-2022-4208 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4208](https://github.com/Live-Hack-CVE/CVE-2022-4208) - -### CVE-2022-4209 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4209](https://github.com/Live-Hack-CVE/CVE-2022-4209) - -### CVE-2022-4210 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4210](https://github.com/Live-Hack-CVE/CVE-2022-4210) - -### CVE-2022-4211 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4211](https://github.com/Live-Hack-CVE/CVE-2022-4211) - -### CVE-2022-4212 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4212](https://github.com/Live-Hack-CVE/CVE-2022-4212) - -### CVE-2022-4213 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4213](https://github.com/Live-Hack-CVE/CVE-2022-4213) - -### CVE-2022-4214 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4214](https://github.com/Live-Hack-CVE/CVE-2022-4214) - -### CVE-2022-4215 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4215](https://github.com/Live-Hack-CVE/CVE-2022-4215) - -### CVE-2022-4216 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - - -- [Live-Hack-CVE/CVE-2022-4216](https://github.com/Live-Hack-CVE/CVE-2022-4216) - -### CVE-2022-4217 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - - -- [Live-Hack-CVE/CVE-2022-4217](https://github.com/Live-Hack-CVE/CVE-2022-4217) - -### CVE-2022-4218 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4218](https://github.com/Live-Hack-CVE/CVE-2022-4218) - -### CVE-2022-4219 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4219](https://github.com/Live-Hack-CVE/CVE-2022-4219) - -### CVE-2022-4220 (2022-12-02) - - -The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. - - -- [Live-Hack-CVE/CVE-2022-4220](https://github.com/Live-Hack-CVE/CVE-2022-4220) - -### CVE-2022-4221 (2022-12-01) - - -Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. - - -- [Live-Hack-CVE/CVE-2022-4221](https://github.com/Live-Hack-CVE/CVE-2022-4221) - -### CVE-2022-4222 (2022-11-30) - - -A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. - - -- [Live-Hack-CVE/CVE-2022-4222](https://github.com/Live-Hack-CVE/CVE-2022-4222) - -### CVE-2022-4228 (2022-11-30) - - -A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. - - -- [Live-Hack-CVE/CVE-2022-4228](https://github.com/Live-Hack-CVE/CVE-2022-4228) - -### CVE-2022-4229 (2022-11-30) - - -A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. - - -- [Live-Hack-CVE/CVE-2022-4229](https://github.com/Live-Hack-CVE/CVE-2022-4229) - -### CVE-2022-4232 (2022-11-30) - - -A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4232](https://github.com/Live-Hack-CVE/CVE-2022-4232) - -### CVE-2022-4233 (2022-11-30) - - -A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591. - - -- [Live-Hack-CVE/CVE-2022-4233](https://github.com/Live-Hack-CVE/CVE-2022-4233) - -### CVE-2022-4234 (2022-11-30) - - -A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595. - - -- [Live-Hack-CVE/CVE-2022-4234](https://github.com/Live-Hack-CVE/CVE-2022-4234) - -### CVE-2022-4246 (2022-12-01) - - -A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214623. - - -- [Live-Hack-CVE/CVE-2022-4246](https://github.com/Live-Hack-CVE/CVE-2022-4246) - -### CVE-2022-4247 (2022-12-01) - - -A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624. - - -- [Live-Hack-CVE/CVE-2022-4247](https://github.com/Live-Hack-CVE/CVE-2022-4247) - -### CVE-2022-4248 (2022-12-01) - - -A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4248](https://github.com/Live-Hack-CVE/CVE-2022-4248) - -### CVE-2022-4249 (2022-12-01) - - -A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4249](https://github.com/Live-Hack-CVE/CVE-2022-4249) - -### CVE-2022-4250 (2022-12-01) - - -A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627. - - -- [Live-Hack-CVE/CVE-2022-4250](https://github.com/Live-Hack-CVE/CVE-2022-4250) - -### CVE-2022-4251 (2022-12-01) - - -A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628. - - -- [Live-Hack-CVE/CVE-2022-4251](https://github.com/Live-Hack-CVE/CVE-2022-4251) - -### CVE-2022-4252 (2022-12-01) - - -A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4252](https://github.com/Live-Hack-CVE/CVE-2022-4252) - -### CVE-2022-4253 (2022-12-01) - - -A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-4253](https://github.com/Live-Hack-CVE/CVE-2022-4253) - -### CVE-2022-4257 (2022-12-01) - - -A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631. - - -- [Live-Hack-CVE/CVE-2022-4257](https://github.com/Live-Hack-CVE/CVE-2022-4257) - -### CVE-2022-4262 (2022-12-02) - - -Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - -- [Live-Hack-CVE/CVE-2022-4262](https://github.com/Live-Hack-CVE/CVE-2022-4262) - -### CVE-2022-4270 (2022-12-02) - - -Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. - - -- [Live-Hack-CVE/CVE-2022-4270](https://github.com/Live-Hack-CVE/CVE-2022-4270) - -### CVE-2022-4271 (2022-12-02) - - -Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. - - -- [Live-Hack-CVE/CVE-2022-4271](https://github.com/Live-Hack-CVE/CVE-2022-4271) - ### CVE-2022-5555 - [huihuo123/CVE-2022-5555](https://github.com/huihuo123/CVE-2022-5555) @@ -2381,53 +1895,149 @@ In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, ther - [Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007](https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007) -### CVE-2022-20421 (2022-10-11) +### CVE-2022-20231 (2022-09-14) -In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel +In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211485702References: N/A -- [Live-Hack-CVE/CVE-2022-20421](https://github.com/Live-Hack-CVE/CVE-2022-20421) +- [Live-Hack-CVE/CVE-2022-20231](https://github.com/Live-Hack-CVE/CVE-2022-20231) -### CVE-2022-20422 (2022-10-11) +### CVE-2022-20364 (2022-09-14) -In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel +In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233606615References: N/A -- [Live-Hack-CVE/CVE-2022-20422](https://github.com/Live-Hack-CVE/CVE-2022-20422) +- [Live-Hack-CVE/CVE-2022-20364](https://github.com/Live-Hack-CVE/CVE-2022-20364) -### CVE-2022-20427 (2022-11-17) +### CVE-2022-20409 (2022-10-11) -In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A +In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel -- [Live-Hack-CVE/CVE-2022-20427](https://github.com/Live-Hack-CVE/CVE-2022-20427) +- [Live-Hack-CVE/CVE-2022-20409](https://github.com/Live-Hack-CVE/CVE-2022-20409) -### CVE-2022-20428 (2022-11-17) +### CVE-2022-20414 (2022-11-08) -In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411References: N/A +In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 -- [Live-Hack-CVE/CVE-2022-20428](https://github.com/Live-Hack-CVE/CVE-2022-20428) +- [Live-Hack-CVE/CVE-2022-20414](https://github.com/Live-Hack-CVE/CVE-2022-20414) -### CVE-2022-20459 (2022-11-17) +### CVE-2022-20426 (2022-11-08) -In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239556260References: N/A +In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 -- [Live-Hack-CVE/CVE-2022-20459](https://github.com/Live-Hack-CVE/CVE-2022-20459) +- [Live-Hack-CVE/CVE-2022-20426](https://github.com/Live-Hack-CVE/CVE-2022-20426) -### CVE-2022-20460 (2022-11-17) +### CVE-2022-20441 (2022-11-08) -In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239557547References: N/A +In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 -- [Live-Hack-CVE/CVE-2022-20460](https://github.com/Live-Hack-CVE/CVE-2022-20460) +- [Live-Hack-CVE/CVE-2022-20441](https://github.com/Live-Hack-CVE/CVE-2022-20441) + +### CVE-2022-20445 (2022-11-08) + + +In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-225876506 + + +- [Live-Hack-CVE/CVE-2022-20445](https://github.com/Live-Hack-CVE/CVE-2022-20445) + +### CVE-2022-20446 (2022-11-08) + + +In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943 + + +- [Live-Hack-CVE/CVE-2022-20446](https://github.com/Live-Hack-CVE/CVE-2022-20446) + +### CVE-2022-20447 (2022-11-08) + + +In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233604485 + + +- [Live-Hack-CVE/CVE-2022-20447](https://github.com/Live-Hack-CVE/CVE-2022-20447) + +### CVE-2022-20448 (2022-11-08) + + +In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 + + +- [Live-Hack-CVE/CVE-2022-20448](https://github.com/Live-Hack-CVE/CVE-2022-20448) + +### CVE-2022-20450 (2022-11-08) + + +In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 + + +- [Live-Hack-CVE/CVE-2022-20450](https://github.com/Live-Hack-CVE/CVE-2022-20450) + +### CVE-2022-20451 (2022-11-08) + + +In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883 + + +- [Live-Hack-CVE/CVE-2022-20451](https://github.com/Live-Hack-CVE/CVE-2022-20451) + +### CVE-2022-20452 (2022-11-08) + + +In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 + + +- [Live-Hack-CVE/CVE-2022-20452](https://github.com/Live-Hack-CVE/CVE-2022-20452) + +### CVE-2022-20453 (2022-11-08) + + +In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 + + +- [Live-Hack-CVE/CVE-2022-20453](https://github.com/Live-Hack-CVE/CVE-2022-20453) + +### CVE-2022-20454 (2022-11-08) + + +In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242096164 + + +- [Live-Hack-CVE/CVE-2022-20454](https://github.com/Live-Hack-CVE/CVE-2022-20454) + +### CVE-2022-20457 (2022-11-08) + + +In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243924784 + + +- [Live-Hack-CVE/CVE-2022-20457](https://github.com/Live-Hack-CVE/CVE-2022-20457) + +### CVE-2022-20462 (2022-11-08) + + +In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230356196 + + +- [Live-Hack-CVE/CVE-2022-20462](https://github.com/Live-Hack-CVE/CVE-2022-20462) + +### CVE-2022-20465 (2022-11-08) + + +In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 + + +- [Live-Hack-CVE/CVE-2022-20465](https://github.com/Live-Hack-CVE/CVE-2022-20465) ### CVE-2022-20472 (2022-12-13) @@ -2446,6 +2056,38 @@ Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 - [Audiobahn/CVE-2022-20699](https://github.com/Audiobahn/CVE-2022-20699) - [rohankumardubey/CVE-2022-20699](https://github.com/rohankumardubey/CVE-2022-20699) +### CVE-2022-20772 (2022-11-04) + + +A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. + + +- [Live-Hack-CVE/CVE-2022-20772](https://github.com/Live-Hack-CVE/CVE-2022-20772) + +### CVE-2022-20775 (2022-09-30) + + +Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. + + +- [Live-Hack-CVE/CVE-2022-20775](https://github.com/Live-Hack-CVE/CVE-2022-20775) + +### CVE-2022-20812 (2022-07-06) + + +Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. + + +- [Live-Hack-CVE/CVE-2022-20812](https://github.com/Live-Hack-CVE/CVE-2022-20812) + +### CVE-2022-20826 (2022-11-15) + + +A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. + + +- [Live-Hack-CVE/CVE-2022-20826](https://github.com/Live-Hack-CVE/CVE-2022-20826) + ### CVE-2022-20829 (2022-06-24) @@ -2454,53 +2096,125 @@ A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM - [jbaines-r7/theway](https://github.com/jbaines-r7/theway) -### CVE-2022-20918 (2022-11-15) +### CVE-2022-20831 (2022-11-15) -A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20918](https://github.com/Live-Hack-CVE/CVE-2022-20918) +- [Live-Hack-CVE/CVE-2022-20831](https://github.com/Live-Hack-CVE/CVE-2022-20831) -### CVE-2022-20922 (2022-11-15) +### CVE-2022-20832 (2022-11-15) -Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20922](https://github.com/Live-Hack-CVE/CVE-2022-20922) +- [Live-Hack-CVE/CVE-2022-20832](https://github.com/Live-Hack-CVE/CVE-2022-20832) -### CVE-2022-20924 (2022-11-15) +### CVE-2022-20833 (2022-11-15) -A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20924](https://github.com/Live-Hack-CVE/CVE-2022-20924) +- [Live-Hack-CVE/CVE-2022-20833](https://github.com/Live-Hack-CVE/CVE-2022-20833) -### CVE-2022-20925 (2022-11-15) +### CVE-2022-20834 (2022-11-15) -A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20925](https://github.com/Live-Hack-CVE/CVE-2022-20925) +- [Live-Hack-CVE/CVE-2022-20834](https://github.com/Live-Hack-CVE/CVE-2022-20834) -### CVE-2022-20926 (2022-11-15) +### CVE-2022-20835 (2022-11-15) -A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20926](https://github.com/Live-Hack-CVE/CVE-2022-20926) +- [Live-Hack-CVE/CVE-2022-20835](https://github.com/Live-Hack-CVE/CVE-2022-20835) -### CVE-2022-20927 (2022-11-15) +### CVE-2022-20836 (2022-11-15) -A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20927](https://github.com/Live-Hack-CVE/CVE-2022-20927) +- [Live-Hack-CVE/CVE-2022-20836](https://github.com/Live-Hack-CVE/CVE-2022-20836) + +### CVE-2022-20838 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20838](https://github.com/Live-Hack-CVE/CVE-2022-20838) + +### CVE-2022-20839 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20839](https://github.com/Live-Hack-CVE/CVE-2022-20839) + +### CVE-2022-20840 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20840](https://github.com/Live-Hack-CVE/CVE-2022-20840) + +### CVE-2022-20843 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20843](https://github.com/Live-Hack-CVE/CVE-2022-20843) + +### CVE-2022-20854 (2022-11-15) + + +A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. + + +- [Live-Hack-CVE/CVE-2022-20854](https://github.com/Live-Hack-CVE/CVE-2022-20854) + +### CVE-2022-20867 (2022-11-04) + + +A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. + + +- [Live-Hack-CVE/CVE-2022-20867](https://github.com/Live-Hack-CVE/CVE-2022-20867) + +### CVE-2022-20868 (2022-11-04) + + +A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. + + +- [Live-Hack-CVE/CVE-2022-20868](https://github.com/Live-Hack-CVE/CVE-2022-20868) + +### CVE-2022-20872 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20872](https://github.com/Live-Hack-CVE/CVE-2022-20872) + +### CVE-2022-20905 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20905](https://github.com/Live-Hack-CVE/CVE-2022-20905) ### CVE-2022-20928 (2022-11-15) @@ -2510,13 +2224,29 @@ A vulnerability in the authentication and authorization flows for VPN connection - [Live-Hack-CVE/CVE-2022-20928](https://github.com/Live-Hack-CVE/CVE-2022-20928) -### CVE-2022-20934 (2022-11-15) +### CVE-2022-20932 (2022-11-15) -A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. -- [Live-Hack-CVE/CVE-2022-20934](https://github.com/Live-Hack-CVE/CVE-2022-20934) +- [Live-Hack-CVE/CVE-2022-20932](https://github.com/Live-Hack-CVE/CVE-2022-20932) + +### CVE-2022-20935 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20935](https://github.com/Live-Hack-CVE/CVE-2022-20935) + +### CVE-2022-20936 (2022-11-15) + + +Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. + + +- [Live-Hack-CVE/CVE-2022-20936](https://github.com/Live-Hack-CVE/CVE-2022-20936) ### CVE-2022-20938 (2022-11-15) @@ -2526,14 +2256,6 @@ A vulnerability in the module import function of the administrative interface of - [Live-Hack-CVE/CVE-2022-20938](https://github.com/Live-Hack-CVE/CVE-2022-20938) -### CVE-2022-20940 (2022-11-15) - - -A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. - - -- [Live-Hack-CVE/CVE-2022-20940](https://github.com/Live-Hack-CVE/CVE-2022-20940) - ### CVE-2022-20941 (2022-11-15) @@ -2542,21 +2264,13 @@ A vulnerability in the web-based management interface of Cisco Firepower Managem - [Live-Hack-CVE/CVE-2022-20941](https://github.com/Live-Hack-CVE/CVE-2022-20941) -### CVE-2022-20943 (2022-11-15) +### CVE-2022-20942 (2022-11-04) -Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. +A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. -- [Live-Hack-CVE/CVE-2022-20943](https://github.com/Live-Hack-CVE/CVE-2022-20943) - -### CVE-2022-20946 (2022-11-15) - - -A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. - - -- [Live-Hack-CVE/CVE-2022-20946](https://github.com/Live-Hack-CVE/CVE-2022-20946) +- [Live-Hack-CVE/CVE-2022-20942](https://github.com/Live-Hack-CVE/CVE-2022-20942) ### CVE-2022-20947 (2022-11-15) @@ -2566,29 +2280,69 @@ A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive - [Live-Hack-CVE/CVE-2022-20947](https://github.com/Live-Hack-CVE/CVE-2022-20947) -### CVE-2022-20949 (2022-11-15) +### CVE-2022-20956 (2022-11-04) -A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. +A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"] -- [Live-Hack-CVE/CVE-2022-20949](https://github.com/Live-Hack-CVE/CVE-2022-20949) +- [Live-Hack-CVE/CVE-2022-20956](https://github.com/Live-Hack-CVE/CVE-2022-20956) -### CVE-2022-20950 (2022-11-15) +### CVE-2022-20958 (2022-11-04) -A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. +A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]] -- [Live-Hack-CVE/CVE-2022-20950](https://github.com/Live-Hack-CVE/CVE-2022-20950) +- [Live-Hack-CVE/CVE-2022-20958](https://github.com/Live-Hack-CVE/CVE-2022-20958) -### CVE-2022-21126 (2022-11-29) +### CVE-2022-20960 (2022-11-04) -The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. +A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. -- [Live-Hack-CVE/CVE-2022-21126](https://github.com/Live-Hack-CVE/CVE-2022-21126) +- [Live-Hack-CVE/CVE-2022-20960](https://github.com/Live-Hack-CVE/CVE-2022-20960) + +### CVE-2022-20961 (2022-11-04) + + +A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. + + +- [Live-Hack-CVE/CVE-2022-20961](https://github.com/Live-Hack-CVE/CVE-2022-20961) + +### CVE-2022-20962 (2022-11-04) + + +A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. + + +- [Live-Hack-CVE/CVE-2022-20962](https://github.com/Live-Hack-CVE/CVE-2022-20962) + +### CVE-2022-20963 (2022-11-04) + + +A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. + + +- [Live-Hack-CVE/CVE-2022-20963](https://github.com/Live-Hack-CVE/CVE-2022-20963) + +### CVE-2022-20969 (2022-11-04) + + +A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. + + +- [Live-Hack-CVE/CVE-2022-20969](https://github.com/Live-Hack-CVE/CVE-2022-20969) + +### CVE-2022-21198 (2022-11-11) + + +Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-21198](https://github.com/Live-Hack-CVE/CVE-2022-21198) ### CVE-2022-21241 (2022-02-08) @@ -2619,6 +2373,14 @@ Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o - [Damok82/SignChecker](https://github.com/Damok82/SignChecker) - [fundaergn/CVE-2022-21449](https://github.com/fundaergn/CVE-2022-21449) +### CVE-2022-21595 (2022-10-18) + + +Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + +- [Live-Hack-CVE/CVE-2022-21595](https://github.com/Live-Hack-CVE/CVE-2022-21595) + ### CVE-2022-21658 (2022-01-20) @@ -2655,6 +2417,46 @@ pipenv is a Python development workflow tool. Starting with version 2018.10.9 an - [sreeram281997/CVE-2022-21668-Pipenv-RCE-vulnerability](https://github.com/sreeram281997/CVE-2022-21668-Pipenv-RCE-vulnerability) +### CVE-2022-21680 (2022-01-14) + + +Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. + + +- [Live-Hack-CVE/CVE-2022-21680](https://github.com/Live-Hack-CVE/CVE-2022-21680) + +### CVE-2022-21681 (2022-01-14) + + +Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. + + +- [Live-Hack-CVE/CVE-2022-21681](https://github.com/Live-Hack-CVE/CVE-2022-21681) + +### CVE-2022-21722 (2022-01-26) + + +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-21722](https://github.com/Live-Hack-CVE/CVE-2022-21722) + +### CVE-2022-21723 (2022-01-26) + + +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-21723](https://github.com/Live-Hack-CVE/CVE-2022-21723) + +### CVE-2022-21724 (2022-02-02) + + +pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. + + +- [Live-Hack-CVE/CVE-2022-21724](https://github.com/Live-Hack-CVE/CVE-2022-21724) + ### CVE-2022-21728 (2022-02-03) @@ -2663,6 +2465,14 @@ Tensorflow is an Open Source Machine Learning Framework. The implementation of s - [mwina/CVE-2022-21728-test](https://github.com/mwina/CVE-2022-21728-test) +### CVE-2022-21778 (2022-11-08) + + +In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. + + +- [Live-Hack-CVE/CVE-2022-21778](https://github.com/Live-Hack-CVE/CVE-2022-21778) + ### CVE-2022-21789 (2022-08-01) @@ -2671,13 +2481,29 @@ In audio ipi, there is a possible memory corruption due to a race condition. Thi - [docfate111/CVE-2022-21789](https://github.com/docfate111/CVE-2022-21789) -### CVE-2022-21797 (2022-09-26) +### CVE-2022-21794 (2022-11-11) -The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. +Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-21797](https://github.com/Live-Hack-CVE/CVE-2022-21797) +- [Live-Hack-CVE/CVE-2022-21794](https://github.com/Live-Hack-CVE/CVE-2022-21794) + +### CVE-2022-21824 (2022-02-24) + + +Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to. + + +- [Live-Hack-CVE/CVE-2022-21824](https://github.com/Live-Hack-CVE/CVE-2022-21824) + +### CVE-2022-21831 (2022-05-26) + + +A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. + + +- [Live-Hack-CVE/CVE-2022-21831](https://github.com/Live-Hack-CVE/CVE-2022-21831) ### CVE-2022-21877 (2022-01-11) @@ -2716,6 +2542,14 @@ HTTP Protocol Stack Remote Code Execution Vulnerability. - [iveresk/cve-2022-21907-http.sys](https://github.com/iveresk/cve-2022-21907-http.sys) - [iveresk/cve-2022-21907](https://github.com/iveresk/cve-2022-21907) +### CVE-2022-21944 (2022-01-26) + + +A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. + + +- [Live-Hack-CVE/CVE-2022-21944](https://github.com/Live-Hack-CVE/CVE-2022-21944) + ### CVE-2022-21971 (2022-02-09) @@ -2741,6 +2575,14 @@ Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is uniqu - [ly4k/SpoolFool](https://github.com/ly4k/SpoolFool) +### CVE-2022-22293 (2022-01-01) + + +admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. + + +- [Live-Hack-CVE/CVE-2022-22293](https://github.com/Live-Hack-CVE/CVE-2022-22293) + ### CVE-2022-22296 (2022-01-24) @@ -2749,6 +2591,14 @@ Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to - [vlakhani28/CVE-2022-22296](https://github.com/vlakhani28/CVE-2022-22296) +### CVE-2022-22503 (2022-10-06) + + +IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. + + +- [Live-Hack-CVE/CVE-2022-22503](https://github.com/Live-Hack-CVE/CVE-2022-22503) + ### CVE-2022-22536 (2022-02-09) @@ -2758,6 +2608,14 @@ SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, AB - [antx-code/CVE-2022-22536](https://github.com/antx-code/CVE-2022-22536) - [tess-ss/SAP-memory-pipes-desynchronization-vulnerability-MPI-CVE-2022-22536](https://github.com/tess-ss/SAP-memory-pipes-desynchronization-vulnerability-MPI-CVE-2022-22536) +### CVE-2022-22577 (2022-05-26) + + +An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. + + +- [Live-Hack-CVE/CVE-2022-22577](https://github.com/Live-Hack-CVE/CVE-2022-22577) + ### CVE-2022-22582 - [poizon-box/CVE-2022-22582](https://github.com/poizon-box/CVE-2022-22582) @@ -2802,6 +2660,14 @@ Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is uniqu - [ahmetfurkans/CVE-2022-22718](https://github.com/ahmetfurkans/CVE-2022-22718) +### CVE-2022-22808 (2022-02-09) + + +A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) + + +- [Live-Hack-CVE/CVE-2022-22808](https://github.com/Live-Hack-CVE/CVE-2022-22808) + ### CVE-2022-22814 (2022-03-10) @@ -2810,30 +2676,6 @@ The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalatio - [DShankle/CVE-2022-22814_PoC](https://github.com/DShankle/CVE-2022-22814_PoC) -### CVE-2022-22815 (2022-01-07) - - -path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. - - -- [Live-Hack-CVE/CVE-2022-22815](https://github.com/Live-Hack-CVE/CVE-2022-22815) - -### CVE-2022-22816 (2022-01-07) - - -path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. - - -- [Live-Hack-CVE/CVE-2022-22816](https://github.com/Live-Hack-CVE/CVE-2022-22816) - -### CVE-2022-22817 (2022-01-07) - - -PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, - - -- [Live-Hack-CVE/CVE-2022-22817](https://github.com/Live-Hack-CVE/CVE-2022-22817) - ### CVE-2022-22822 (2022-01-07) @@ -2850,6 +2692,14 @@ An insecure direct object reference for the file-download URL in Synametrics Syn - [videnlabs/CVE-2022-22828](https://github.com/videnlabs/CVE-2022-22828) +### CVE-2022-22844 (2022-01-08) + + +LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. + + +- [Live-Hack-CVE/CVE-2022-22844](https://github.com/Live-Hack-CVE/CVE-2022-22844) + ### CVE-2022-22845 (2022-01-09) @@ -3081,7 +2931,6 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t - [cxzero/CVE-2022-22965-spring4shell](https://github.com/cxzero/CVE-2022-22965-spring4shell) - [TungLVHE163594/Spring4Shell-CVE-2022-22965](https://github.com/TungLVHE163594/Spring4Shell-CVE-2022-22965) - [tpt11fb/SpringVulScan](https://github.com/tpt11fb/SpringVulScan) -- [zangcc/CVE-2022-22965-rexbb](https://github.com/zangcc/CVE-2022-22965-rexbb) ### CVE-2022-22968 (2022-04-14) @@ -3091,14 +2940,6 @@ In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupport - [MarcinGadz/spring-rce-poc](https://github.com/MarcinGadz/spring-rce-poc) -### CVE-2022-22970 (2022-05-12) - - -In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. - - -- [dapdelivery/spring-petclinic-template-with-CVE-2022-22970](https://github.com/dapdelivery/spring-petclinic-template-with-CVE-2022-22970) - ### CVE-2022-22972 (2022-05-20) @@ -3138,78 +2979,6 @@ A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Qu - [jweny/cve-2022-22980-exp](https://github.com/jweny/cve-2022-22980-exp) - [murataydemir/CVE-2022-22980](https://github.com/murataydemir/CVE-2022-22980) -### CVE-2022-22984 (2022-11-30) - - -The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605. - - -- [Live-Hack-CVE/CVE-2022-22984](https://github.com/Live-Hack-CVE/CVE-2022-22984) - -### CVE-2022-23036 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23036](https://github.com/Live-Hack-CVE/CVE-2022-23036) - -### CVE-2022-23037 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23037](https://github.com/Live-Hack-CVE/CVE-2022-23037) - -### CVE-2022-23038 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23038](https://github.com/Live-Hack-CVE/CVE-2022-23038) - -### CVE-2022-23039 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23039](https://github.com/Live-Hack-CVE/CVE-2022-23039) - -### CVE-2022-23040 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23040](https://github.com/Live-Hack-CVE/CVE-2022-23040) - -### CVE-2022-23041 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23041](https://github.com/Live-Hack-CVE/CVE-2022-23041) - -### CVE-2022-23042 (2022-03-10) - - -Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 - - -- [Live-Hack-CVE/CVE-2022-23042](https://github.com/Live-Hack-CVE/CVE-2022-23042) - -### CVE-2022-23044 (2022-11-25) - - -Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. - - -- [Live-Hack-CVE/CVE-2022-23044](https://github.com/Live-Hack-CVE/CVE-2022-23044) - ### CVE-2022-23046 (2022-01-19) @@ -3241,6 +3010,22 @@ In the case of instances where the SAML SSO authentication is enabled (non-defau - [Kazaf6s/CVE-2022-23131](https://github.com/Kazaf6s/CVE-2022-23131) - [trhacknon/CVE-2022-23131](https://github.com/trhacknon/CVE-2022-23131) +### CVE-2022-23218 (2022-01-14) + + +The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2022-23218](https://github.com/Live-Hack-CVE/CVE-2022-23218) + +### CVE-2022-23219 (2022-01-14) + + +The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2022-23219](https://github.com/Live-Hack-CVE/CVE-2022-23219) + ### CVE-2022-23222 (2022-01-14) @@ -3294,13 +3079,13 @@ A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of Ta - [TheGetch/CVE-2022-23378](https://github.com/TheGetch/CVE-2022-23378) -### CVE-2022-23632 (2022-02-17) +### CVE-2022-23608 (2022-02-22) -Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FDQN to the host rule. However, there is no workaround if the CNAME flattening is enabled. +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. -- [Live-Hack-CVE/CVE-2022-23632](https://github.com/Live-Hack-CVE/CVE-2022-23632) +- [Live-Hack-CVE/CVE-2022-23608](https://github.com/Live-Hack-CVE/CVE-2022-23608) ### CVE-2022-23642 (2022-02-18) @@ -3318,6 +3103,14 @@ containerd is a container runtime available as a daemon for Linux and Windows. A - [raesene/CVE-2022-23648-POC](https://github.com/raesene/CVE-2022-23648-POC) +### CVE-2022-23708 (2022-03-03) + + +A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. + + +- [Live-Hack-CVE/CVE-2022-23708](https://github.com/Live-Hack-CVE/CVE-2022-23708) + ### CVE-2022-23731 (2022-03-11) @@ -3326,21 +3119,21 @@ V8 javascript engine (heap vulnerability) can cause privilege escalation ,which - [DavidBuchanan314/WAMpage](https://github.com/DavidBuchanan314/WAMpage) -### CVE-2022-23740 (2022-11-23) +### CVE-2022-23772 (2022-02-10) -CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. +Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. -- [Live-Hack-CVE/CVE-2022-23740](https://github.com/Live-Hack-CVE/CVE-2022-23740) +- [Live-Hack-CVE/CVE-2022-23772](https://github.com/Live-Hack-CVE/CVE-2022-23772) -### CVE-2022-23743 (2022-05-11) +### CVE-2022-23773 (2022-02-10) -Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119 +cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. -- [Live-Hack-CVE/CVE-2022-23743](https://github.com/Live-Hack-CVE/CVE-2022-23743) +- [Live-Hack-CVE/CVE-2022-23773](https://github.com/Live-Hack-CVE/CVE-2022-23773) ### CVE-2022-23779 (2022-03-02) @@ -3350,6 +3143,14 @@ Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed serve - [fbusr/CVE-2022-23779](https://github.com/fbusr/CVE-2022-23779) +### CVE-2022-23806 (2022-02-10) + + +Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. + + +- [Live-Hack-CVE/CVE-2022-23806](https://github.com/Live-Hack-CVE/CVE-2022-23806) + ### CVE-2022-23808 (2022-01-21) @@ -3366,13 +3167,21 @@ This affects the package node-ipc from 10.1.1 and before 10.1.3. This package co - [scriptzteam/node-ipc-malware-protestware-CVE-2022-23812](https://github.com/scriptzteam/node-ipc-malware-protestware-CVE-2022-23812) -### CVE-2022-23824 (2022-11-09) +### CVE-2022-23825 (2022-07-14) -IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. +Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. -- [Live-Hack-CVE/CVE-2022-23824](https://github.com/Live-Hack-CVE/CVE-2022-23824) +- [Live-Hack-CVE/CVE-2022-23825](https://github.com/Live-Hack-CVE/CVE-2022-23825) + +### CVE-2022-23831 (2022-11-09) + + +Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. + + +- [Live-Hack-CVE/CVE-2022-23831](https://github.com/Live-Hack-CVE/CVE-2022-23831) ### CVE-2022-23852 (2022-01-23) @@ -3422,21 +3231,13 @@ Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog functi - [Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23990](https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23990) -### CVE-2022-24037 (2022-11-18) +### CVE-2022-24036 (2022-11-16) -Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. +Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs. -- [Live-Hack-CVE/CVE-2022-24037](https://github.com/Live-Hack-CVE/CVE-2022-24037) - -### CVE-2022-24038 (2022-11-18) - - -Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. - - -- [Live-Hack-CVE/CVE-2022-24038](https://github.com/Live-Hack-CVE/CVE-2022-24038) +- [Live-Hack-CVE/CVE-2022-24036](https://github.com/Live-Hack-CVE/CVE-2022-24036) ### CVE-2022-24086 (2022-02-16) @@ -3500,46 +3301,6 @@ Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System - [comrade99/CVE-2022-24181](https://github.com/comrade99/CVE-2022-24181) -### CVE-2022-24187 (2022-11-28) - - -The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users. - - -- [Live-Hack-CVE/CVE-2022-24187](https://github.com/Live-Hack-CVE/CVE-2022-24187) - -### CVE-2022-24188 (2022-11-28) - - -The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. - - -- [Live-Hack-CVE/CVE-2022-24188](https://github.com/Live-Hack-CVE/CVE-2022-24188) - -### CVE-2022-24189 (2022-11-28) - - -The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users. - - -- [Live-Hack-CVE/CVE-2022-24189](https://github.com/Live-Hack-CVE/CVE-2022-24189) - -### CVE-2022-24190 (2022-11-28) - - -The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. - - -- [Live-Hack-CVE/CVE-2022-24190](https://github.com/Live-Hack-CVE/CVE-2022-24190) - -### CVE-2022-24303 (2022-03-27) - - -Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. - - -- [Live-Hack-CVE/CVE-2022-24303](https://github.com/Live-Hack-CVE/CVE-2022-24303) - ### CVE-2022-24348 (2022-02-04) @@ -3548,14 +3309,6 @@ Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related t - [jkroepke/CVE-2022-24348-2](https://github.com/jkroepke/CVE-2022-24348-2) -### CVE-2022-24441 (2022-11-30) - - -The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: <=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: <=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: <=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: <=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: <=v20221109.114426, Fixed: All subsequent versions - - -- [Live-Hack-CVE/CVE-2022-24441](https://github.com/Live-Hack-CVE/CVE-2022-24441) - ### CVE-2022-24449 (2022-04-28) @@ -3663,13 +3416,29 @@ regex is an implementation of regular expressions for the Rust language. The reg - [ItzSwirlz/CVE-2022-24713-POC](https://github.com/ItzSwirlz/CVE-2022-24713-POC) -### CVE-2022-24723 (2022-03-03) +### CVE-2022-24714 (2022-03-08) -URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. +Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. -- [Live-Hack-CVE/CVE-2022-24723](https://github.com/Live-Hack-CVE/CVE-2022-24723) +- [Live-Hack-CVE/CVE-2022-24714](https://github.com/Live-Hack-CVE/CVE-2022-24714) + +### CVE-2022-24715 (2022-03-08) + + +Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. + + +- [Live-Hack-CVE/CVE-2022-24715](https://github.com/Live-Hack-CVE/CVE-2022-24715) + +### CVE-2022-24716 (2022-03-08) + + +Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. + + +- [Live-Hack-CVE/CVE-2022-24716](https://github.com/Live-Hack-CVE/CVE-2022-24716) ### CVE-2022-24734 (2022-03-09) @@ -3680,6 +3449,14 @@ MyBB is a free and open source forum software. In affected versions the Admin CP - [Altelus1/CVE-2022-24734](https://github.com/Altelus1/CVE-2022-24734) - [lavclash75/mybb-CVE-2022-24734](https://github.com/lavclash75/mybb-CVE-2022-24734) +### CVE-2022-24754 (2022-03-11) + + +PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. + + +- [Live-Hack-CVE/CVE-2022-24754](https://github.com/Live-Hack-CVE/CVE-2022-24754) + ### CVE-2022-24760 (2022-03-11) @@ -3688,13 +3465,29 @@ Parse Server is an open source http web server backend. In versions prior to 4.1 - [tuo4n8/CVE-2022-24760](https://github.com/tuo4n8/CVE-2022-24760) -### CVE-2022-24823 (2022-05-06) +### CVE-2022-24763 (2022-03-30) -Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. +PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-24823](https://github.com/Live-Hack-CVE/CVE-2022-24823) +- [Live-Hack-CVE/CVE-2022-24763](https://github.com/Live-Hack-CVE/CVE-2022-24763) + +### CVE-2022-24764 (2022-03-22) + + +PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-24764](https://github.com/Live-Hack-CVE/CVE-2022-24764) + +### CVE-2022-24786 (2022-04-06) + + +PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-24786](https://github.com/Live-Hack-CVE/CVE-2022-24786) ### CVE-2022-24853 (2022-04-14) @@ -3704,6 +3497,38 @@ Metabase is an open source business intelligence and analytics application. Meta - [secure-77/CVE-2022-24853](https://github.com/secure-77/CVE-2022-24853) +### CVE-2022-24882 (2022-04-26) + + +FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-24882](https://github.com/Live-Hack-CVE/CVE-2022-24882) + +### CVE-2022-24883 (2022-04-26) + + +FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. + + +- [Live-Hack-CVE/CVE-2022-24883](https://github.com/Live-Hack-CVE/CVE-2022-24883) + +### CVE-2022-24903 (2022-05-05) + + +Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. + + +- [Live-Hack-CVE/CVE-2022-24903](https://github.com/Live-Hack-CVE/CVE-2022-24903) + +### CVE-2022-24921 (2022-03-05) + + +regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. + + +- [Live-Hack-CVE/CVE-2022-24921](https://github.com/Live-Hack-CVE/CVE-2022-24921) + ### CVE-2022-24924 (2022-02-11) @@ -3723,13 +3548,21 @@ wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code ex - [webraybtl/CVE-2022-24934](https://github.com/webraybtl/CVE-2022-24934) - [MagicPiperSec/WPS-CVE-2022-24934](https://github.com/MagicPiperSec/WPS-CVE-2022-24934) -### CVE-2022-24939 (2022-11-17) +### CVE-2022-24937 (2022-11-14) -A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. +Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. -- [Live-Hack-CVE/CVE-2022-24939](https://github.com/Live-Hack-CVE/CVE-2022-24939) +- [Live-Hack-CVE/CVE-2022-24937](https://github.com/Live-Hack-CVE/CVE-2022-24937) + +### CVE-2022-24938 (2022-11-14) + + +A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. + + +- [Live-Hack-CVE/CVE-2022-24938](https://github.com/Live-Hack-CVE/CVE-2022-24938) ### CVE-2022-24942 (2022-11-15) @@ -3753,7 +3586,6 @@ qs before 6.10.3, as used in Express before 4.17.3 and other products, allows at - [n8tz/CVE-2022-24999](https://github.com/n8tz/CVE-2022-24999) -- [Live-Hack-CVE/CVE-2022-24999](https://github.com/Live-Hack-CVE/CVE-2022-24999) ### CVE-2022-25018 (2022-02-28) @@ -3831,13 +3663,13 @@ Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary tem - [ComparedArray/printix-CVE-2022-25090](https://github.com/ComparedArray/printix-CVE-2022-25090) -### CVE-2022-25164 (2022-11-24) +### CVE-2022-25169 (2022-05-16) -Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. +The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. -- [Live-Hack-CVE/CVE-2022-25164](https://github.com/Live-Hack-CVE/CVE-2022-25164) +- [Live-Hack-CVE/CVE-2022-25169](https://github.com/Live-Hack-CVE/CVE-2022-25169) ### CVE-2022-25235 (2022-02-15) @@ -3847,6 +3679,14 @@ xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of e - [Satheesh575555/external_expat_AOSP10_r33_CVE-2022-25235](https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-25235) +### CVE-2022-25243 (2022-03-07) + + +"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. + + +- [Live-Hack-CVE/CVE-2022-25243](https://github.com/Live-Hack-CVE/CVE-2022-25243) + ### CVE-2022-25256 (2022-02-18) @@ -3907,14 +3747,6 @@ An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kern - [szymonh/rndis-co](https://github.com/szymonh/rndis-co) -### CVE-2022-25610 (2022-03-25) - - -Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. - - -- [Live-Hack-CVE/CVE-2022-25610](https://github.com/Live-Hack-CVE/CVE-2022-25610) - ### CVE-2022-25636 (2022-02-21) @@ -3933,37 +3765,133 @@ In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement - [dim0x69/cve-2022-25640-exploit](https://github.com/dim0x69/cve-2022-25640-exploit) -### CVE-2022-25647 (2022-05-01) +### CVE-2022-25667 (2022-11-15) -The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. +Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking -- [Live-Hack-CVE/CVE-2022-25647](https://github.com/Live-Hack-CVE/CVE-2022-25647) +- [Live-Hack-CVE/CVE-2022-25667](https://github.com/Live-Hack-CVE/CVE-2022-25667) -### CVE-2022-25848 (2022-11-29) +### CVE-2022-25671 (2022-11-15) -This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. +Denial of service in MODEM due to reachable assertion in Snapdragon Mobile -- [Live-Hack-CVE/CVE-2022-25848](https://github.com/Live-Hack-CVE/CVE-2022-25848) +- [Live-Hack-CVE/CVE-2022-25671](https://github.com/Live-Hack-CVE/CVE-2022-25671) -### CVE-2022-25892 (2022-11-01) +### CVE-2022-25674 (2022-11-15) -The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. +Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music -- [Live-Hack-CVE/CVE-2022-25892](https://github.com/Live-Hack-CVE/CVE-2022-25892) +- [Live-Hack-CVE/CVE-2022-25674](https://github.com/Live-Hack-CVE/CVE-2022-25674) -### CVE-2022-25917 (2022-11-11) +### CVE-2022-25676 (2022-11-15) -Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. +Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables -- [Live-Hack-CVE/CVE-2022-25917](https://github.com/Live-Hack-CVE/CVE-2022-25917) +- [Live-Hack-CVE/CVE-2022-25676](https://github.com/Live-Hack-CVE/CVE-2022-25676) + +### CVE-2022-25679 (2022-11-15) + + +Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables + + +- [Live-Hack-CVE/CVE-2022-25679](https://github.com/Live-Hack-CVE/CVE-2022-25679) + +### CVE-2022-25710 (2022-11-15) + + +Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music + + +- [Live-Hack-CVE/CVE-2022-25710](https://github.com/Live-Hack-CVE/CVE-2022-25710) + +### CVE-2022-25724 (2022-11-15) + + +Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables + + +- [Live-Hack-CVE/CVE-2022-25724](https://github.com/Live-Hack-CVE/CVE-2022-25724) + +### CVE-2022-25727 (2022-11-15) + + +Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music + + +- [Live-Hack-CVE/CVE-2022-25727](https://github.com/Live-Hack-CVE/CVE-2022-25727) + +### CVE-2022-25741 (2022-11-15) + + +Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables + + +- [Live-Hack-CVE/CVE-2022-25741](https://github.com/Live-Hack-CVE/CVE-2022-25741) + +### CVE-2022-25742 (2022-11-15) + + +Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music + + +- [Live-Hack-CVE/CVE-2022-25742](https://github.com/Live-Hack-CVE/CVE-2022-25742) + +### CVE-2022-25743 (2022-11-15) + + +Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables + + +- [Live-Hack-CVE/CVE-2022-25743](https://github.com/Live-Hack-CVE/CVE-2022-25743) + +### CVE-2022-25765 (2022-09-09) + + +The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. + + +- [Live-Hack-CVE/CVE-2022-25765](https://github.com/Live-Hack-CVE/CVE-2022-25765) + +### CVE-2022-25794 (2022-04-11) + + +An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. + + +- [Live-Hack-CVE/CVE-2022-25794](https://github.com/Live-Hack-CVE/CVE-2022-25794) + +### CVE-2022-25799 (2022-08-16) + + +An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials. + + +- [Live-Hack-CVE/CVE-2022-25799](https://github.com/Live-Hack-CVE/CVE-2022-25799) + +### CVE-2022-25844 (2022-05-01) + + +The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. + + +- [Live-Hack-CVE/CVE-2022-25844](https://github.com/Live-Hack-CVE/CVE-2022-25844) + +### CVE-2022-25932 (2022-11-09) + + +The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. + + +- [Live-Hack-CVE/CVE-2022-25932](https://github.com/Live-Hack-CVE/CVE-2022-25932) ### CVE-2022-25943 (2022-03-08) @@ -3982,6 +3910,86 @@ The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010 - [tandasat/CVE-2022-25949](https://github.com/tandasat/CVE-2022-25949) +### CVE-2022-26006 (2022-11-11) + + +Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26006](https://github.com/Live-Hack-CVE/CVE-2022-26006) + +### CVE-2022-26023 (2022-11-09) + + +A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. + + +- [Live-Hack-CVE/CVE-2022-26023](https://github.com/Live-Hack-CVE/CVE-2022-26023) + +### CVE-2022-26024 (2022-11-11) + + +Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26024](https://github.com/Live-Hack-CVE/CVE-2022-26024) + +### CVE-2022-26028 (2022-11-11) + + +Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26028](https://github.com/Live-Hack-CVE/CVE-2022-26028) + +### CVE-2022-26045 (2022-11-11) + + +Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. + + +- [Live-Hack-CVE/CVE-2022-26045](https://github.com/Live-Hack-CVE/CVE-2022-26045) + +### CVE-2022-26047 (2022-11-11) + + +Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2022-26047](https://github.com/Live-Hack-CVE/CVE-2022-26047) + +### CVE-2022-26079 (2022-11-11) + + +Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26079](https://github.com/Live-Hack-CVE/CVE-2022-26079) + +### CVE-2022-26086 (2022-11-11) + + +Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26086](https://github.com/Live-Hack-CVE/CVE-2022-26086) + +### CVE-2022-26088 (2022-11-10) + + +An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated." + + +- [Live-Hack-CVE/CVE-2022-26088](https://github.com/Live-Hack-CVE/CVE-2022-26088) + +### CVE-2022-26124 (2022-11-11) + + +Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-26124](https://github.com/Live-Hack-CVE/CVE-2022-26124) + ### CVE-2022-26133 (2022-04-20) @@ -4047,14 +4055,6 @@ A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote - [assetnote/jira-mobile-ssrf-exploit](https://github.com/assetnote/jira-mobile-ssrf-exploit) -### CVE-2022-26151 (2022-04-12) - - -Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. - - -- [Live-Hack-CVE/CVE-2022-26151](https://github.com/Live-Hack-CVE/CVE-2022-26151) - ### CVE-2022-26155 (2022-02-28) @@ -4103,14 +4103,6 @@ Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via sp - [nsbogam/CVE-2022-26269](https://github.com/nsbogam/CVE-2022-26269) -### CVE-2022-26280 (2022-03-28) - - -Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. - - -- [Live-Hack-CVE/CVE-2022-26280](https://github.com/Live-Hack-CVE/CVE-2022-26280) - ### CVE-2022-26318 (2022-03-04) @@ -4121,21 +4113,53 @@ On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute ar - [h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318](https://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318) - [BabyTeam1024/CVE-2022-26318](https://github.com/BabyTeam1024/CVE-2022-26318) -### CVE-2022-26366 (2022-11-30) +### CVE-2022-26341 (2022-11-11) -Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. +Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. -- [Live-Hack-CVE/CVE-2022-26366](https://github.com/Live-Hack-CVE/CVE-2022-26366) +- [Live-Hack-CVE/CVE-2022-26341](https://github.com/Live-Hack-CVE/CVE-2022-26341) -### CVE-2022-26376 (2022-08-05) +### CVE-2022-26367 (2022-11-11) -A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. +Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-26376](https://github.com/Live-Hack-CVE/CVE-2022-26376) +- [Live-Hack-CVE/CVE-2022-26367](https://github.com/Live-Hack-CVE/CVE-2022-26367) + +### CVE-2022-26369 (2022-11-11) + + +Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. + + +- [Live-Hack-CVE/CVE-2022-26369](https://github.com/Live-Hack-CVE/CVE-2022-26369) + +### CVE-2022-26446 (2022-11-08) + + +In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. + + +- [Live-Hack-CVE/CVE-2022-26446](https://github.com/Live-Hack-CVE/CVE-2022-26446) + +### CVE-2022-26498 (2022-04-15) + + +An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. + + +- [Live-Hack-CVE/CVE-2022-26498](https://github.com/Live-Hack-CVE/CVE-2022-26498) + +### CVE-2022-26499 (2022-04-15) + + +An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. + + +- [Live-Hack-CVE/CVE-2022-26499](https://github.com/Live-Hack-CVE/CVE-2022-26499) ### CVE-2022-26503 (2022-03-17) @@ -4145,6 +4169,30 @@ Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0. - [sinsinology/CVE-2022-26503](https://github.com/sinsinology/CVE-2022-26503) +### CVE-2022-26508 (2022-11-11) + + +Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. + + +- [Live-Hack-CVE/CVE-2022-26508](https://github.com/Live-Hack-CVE/CVE-2022-26508) + +### CVE-2022-26513 (2022-11-11) + + +Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. + + +- [Live-Hack-CVE/CVE-2022-26513](https://github.com/Live-Hack-CVE/CVE-2022-26513) + +### CVE-2022-26520 (2022-03-07) + + +** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. + + +- [Live-Hack-CVE/CVE-2022-26520](https://github.com/Live-Hack-CVE/CVE-2022-26520) + ### CVE-2022-26629 (2022-03-24) @@ -4162,6 +4210,22 @@ Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injectio - [Cyb3rR3ap3r/CVE-2022-26631](https://github.com/Cyb3rR3ap3r/CVE-2022-26631) +### CVE-2022-26651 (2022-04-15) + + +An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. + + +- [Live-Hack-CVE/CVE-2022-26651](https://github.com/Live-Hack-CVE/CVE-2022-26651) + +### CVE-2022-26704 (2022-05-26) + + +A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. + + +- [Live-Hack-CVE/CVE-2022-26704](https://github.com/Live-Hack-CVE/CVE-2022-26704) + ### CVE-2022-26717 (2022-11-01) @@ -4179,6 +4243,14 @@ This issue was addressed with improved checks. This issue is fixed in Security U - [acheong08/CVE-2022-26726-POC](https://github.com/acheong08/CVE-2022-26726-POC) +### CVE-2022-26744 (2022-05-26) + + +A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. + + +- [Live-Hack-CVE/CVE-2022-26744](https://github.com/Live-Hack-CVE/CVE-2022-26744) + ### CVE-2022-26757 (2022-05-26) @@ -4202,13 +4274,13 @@ Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID i - [yuanLink/CVE-2022-26809](https://github.com/yuanLink/CVE-2022-26809) - [s1ckb017/PoC-CVE-2022-26809](https://github.com/s1ckb017/PoC-CVE-2022-26809) -### CVE-2022-26885 (2022-11-24) +### CVE-2022-26845 (2022-11-11) -When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. +Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. -- [Live-Hack-CVE/CVE-2022-26885](https://github.com/Live-Hack-CVE/CVE-2022-26885) +- [Live-Hack-CVE/CVE-2022-26845](https://github.com/Live-Hack-CVE/CVE-2022-26845) ### CVE-2022-26923 (2022-05-10) @@ -4244,13 +4316,13 @@ EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfe - [Kenun99/CVE-batdappboomx](https://github.com/Kenun99/CVE-batdappboomx) -### CVE-2022-27201 (2022-03-15) +### CVE-2022-27187 (2022-11-11) -Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. +Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-27201](https://github.com/Live-Hack-CVE/CVE-2022-27201) +- [Live-Hack-CVE/CVE-2022-27187](https://github.com/Live-Hack-CVE/CVE-2022-27187) ### CVE-2022-27226 (2022-03-18) @@ -4260,6 +4332,14 @@ A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a t - [SakuraSamuraii/ez-iRZ](https://github.com/SakuraSamuraii/ez-iRZ) +### CVE-2022-27233 (2022-11-11) + + +XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. + + +- [Live-Hack-CVE/CVE-2022-27233](https://github.com/Live-Hack-CVE/CVE-2022-27233) + ### CVE-2022-27251 - [TheCyberGeek/CVE-2022-27251](https://github.com/TheCyberGeek/CVE-2022-27251) @@ -4271,6 +4351,14 @@ The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal - [nonamecoder/CVE-2022-27254](https://github.com/nonamecoder/CVE-2022-27254) +### CVE-2022-27380 (2022-04-12) + + +An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + + +- [Live-Hack-CVE/CVE-2022-27380](https://github.com/Live-Hack-CVE/CVE-2022-27380) + ### CVE-2022-27413 (2022-05-03) @@ -4295,21 +4383,69 @@ Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the u - [gerr-re/cve-2022-27438](https://github.com/gerr-re/cve-2022-27438) -### CVE-2022-27631 (2022-08-05) +### CVE-2022-27497 (2022-11-11) -A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. +Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. -- [Live-Hack-CVE/CVE-2022-27631](https://github.com/Live-Hack-CVE/CVE-2022-27631) +- [Live-Hack-CVE/CVE-2022-27497](https://github.com/Live-Hack-CVE/CVE-2022-27497) -### CVE-2022-27650 (2022-04-04) +### CVE-2022-27499 (2022-11-11) -A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. +Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. -- [Live-Hack-CVE/CVE-2022-27650](https://github.com/Live-Hack-CVE/CVE-2022-27650) +- [Live-Hack-CVE/CVE-2022-27499](https://github.com/Live-Hack-CVE/CVE-2022-27499) + +### CVE-2022-27510 (2022-11-08) + + +Unauthorized access to Gateway user capabilities + + +- [Live-Hack-CVE/CVE-2022-27510](https://github.com/Live-Hack-CVE/CVE-2022-27510) + +### CVE-2022-27513 (2022-11-08) + + +Remote desktop takeover via phishing + + +- [Live-Hack-CVE/CVE-2022-27513](https://github.com/Live-Hack-CVE/CVE-2022-27513) + +### CVE-2022-27516 (2022-11-08) + + +User login brute force protection functionality bypass + + +- [Live-Hack-CVE/CVE-2022-27516](https://github.com/Live-Hack-CVE/CVE-2022-27516) + +### CVE-2022-27536 (2022-04-20) + + +Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. + + +- [Live-Hack-CVE/CVE-2022-27536](https://github.com/Live-Hack-CVE/CVE-2022-27536) + +### CVE-2022-27638 (2022-11-11) + + +Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-27638](https://github.com/Live-Hack-CVE/CVE-2022-27638) + +### CVE-2022-27639 (2022-11-11) + + +Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. + + +- [Live-Hack-CVE/CVE-2022-27639](https://github.com/Live-Hack-CVE/CVE-2022-27639) ### CVE-2022-27666 (2022-03-23) @@ -4319,6 +4455,22 @@ A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ip - [plummm/CVE-2022-27666](https://github.com/plummm/CVE-2022-27666) +### CVE-2022-27673 (2022-11-09) + + +Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. + + +- [Live-Hack-CVE/CVE-2022-27673](https://github.com/Live-Hack-CVE/CVE-2022-27673) + +### CVE-2022-27674 (2022-11-09) + + +Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. + + +- [Live-Hack-CVE/CVE-2022-27674](https://github.com/Live-Hack-CVE/CVE-2022-27674) + ### CVE-2022-27772 (2022-03-30) @@ -4327,6 +4479,70 @@ A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ip - [puneetbehl/grails3-cve-2022-27772](https://github.com/puneetbehl/grails3-cve-2022-27772) +### CVE-2022-27812 (2022-08-24) + + +Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. + + +- [Live-Hack-CVE/CVE-2022-27812](https://github.com/Live-Hack-CVE/CVE-2022-27812) + +### CVE-2022-27855 (2022-11-08) + + +Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. + + +- [Live-Hack-CVE/CVE-2022-27855](https://github.com/Live-Hack-CVE/CVE-2022-27855) + +### CVE-2022-27858 (2022-11-08) + + +CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. + + +- [Live-Hack-CVE/CVE-2022-27858](https://github.com/Live-Hack-CVE/CVE-2022-27858) + +### CVE-2022-27874 (2022-11-11) + + +Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. + + +- [Live-Hack-CVE/CVE-2022-27874](https://github.com/Live-Hack-CVE/CVE-2022-27874) + +### CVE-2022-27893 (2022-11-04) + + +The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. + + +- [Live-Hack-CVE/CVE-2022-27893](https://github.com/Live-Hack-CVE/CVE-2022-27893) + +### CVE-2022-27895 (2022-11-15) + + +Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. + + +- [Live-Hack-CVE/CVE-2022-27895](https://github.com/Live-Hack-CVE/CVE-2022-27895) + +### CVE-2022-27896 (2022-11-14) + + +Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. + + +- [Live-Hack-CVE/CVE-2022-27896](https://github.com/Live-Hack-CVE/CVE-2022-27896) + +### CVE-2022-27914 (2022-11-08) + + +An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. + + +- [Live-Hack-CVE/CVE-2022-27914](https://github.com/Live-Hack-CVE/CVE-2022-27914) + ### CVE-2022-27927 (2022-04-19) @@ -4335,6 +4551,14 @@ A SQL injection vulnerability exists in Microfinance Management System 1.0 when - [erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated](https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated) +### CVE-2022-27949 (2022-11-14) + + +A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. + + +- [Live-Hack-CVE/CVE-2022-27949](https://github.com/Live-Hack-CVE/CVE-2022-27949) + ### CVE-2022-28077 (2022-05-11) @@ -4391,6 +4615,14 @@ SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plu - [Richard-Tang/SSCMS-PluginShell](https://github.com/Richard-Tang/SSCMS-PluginShell) +### CVE-2022-28126 (2022-11-11) + + +Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-28126](https://github.com/Live-Hack-CVE/CVE-2022-28126) + ### CVE-2022-28132 - [alpernae/CVE-2022-28132](https://github.com/alpernae/CVE-2022-28132) @@ -4421,13 +4653,13 @@ An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 - [ahsentekdemir/CVE-2022-28346](https://github.com/ahsentekdemir/CVE-2022-28346) - [pthlong9991/CVE-2022-28346](https://github.com/pthlong9991/CVE-2022-28346) -### CVE-2022-28389 (2022-04-03) +### CVE-2022-28347 (2022-04-12) -mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. +A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. -- [Live-Hack-CVE/CVE-2022-28389](https://github.com/Live-Hack-CVE/CVE-2022-28389) +- [Live-Hack-CVE/CVE-2022-28347](https://github.com/Live-Hack-CVE/CVE-2022-28347) ### CVE-2022-28452 (2022-04-29) @@ -4470,45 +4702,53 @@ A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugi - [FlaviuPopescu/CVE-2022-28601](https://github.com/FlaviuPopescu/CVE-2022-28601) -### CVE-2022-28607 (2022-12-01) +### CVE-2022-28611 (2022-11-11) -An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. +Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. -- [Live-Hack-CVE/CVE-2022-28607](https://github.com/Live-Hack-CVE/CVE-2022-28607) +- [Live-Hack-CVE/CVE-2022-28611](https://github.com/Live-Hack-CVE/CVE-2022-28611) -### CVE-2022-28738 (2022-05-09) +### CVE-2022-28667 (2022-11-11) -A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. +Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. -- [Live-Hack-CVE/CVE-2022-28738](https://github.com/Live-Hack-CVE/CVE-2022-28738) +- [Live-Hack-CVE/CVE-2022-28667](https://github.com/Live-Hack-CVE/CVE-2022-28667) -### CVE-2022-28766 (2022-11-17) +### CVE-2022-28689 (2022-11-09) -Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. +A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. -- [Live-Hack-CVE/CVE-2022-28766](https://github.com/Live-Hack-CVE/CVE-2022-28766) +- [Live-Hack-CVE/CVE-2022-28689](https://github.com/Live-Hack-CVE/CVE-2022-28689) -### CVE-2022-28768 (2022-11-17) +### CVE-2022-28739 (2022-05-09) -The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. +There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. -- [Live-Hack-CVE/CVE-2022-28768](https://github.com/Live-Hack-CVE/CVE-2022-28768) +- [Live-Hack-CVE/CVE-2022-28739](https://github.com/Live-Hack-CVE/CVE-2022-28739) -### CVE-2022-28805 (2022-04-08) +### CVE-2022-28764 (2022-11-14) -singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. +The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. -- [Live-Hack-CVE/CVE-2022-28805](https://github.com/Live-Hack-CVE/CVE-2022-28805) +- [Live-Hack-CVE/CVE-2022-28764](https://github.com/Live-Hack-CVE/CVE-2022-28764) + +### CVE-2022-28892 (2022-04-28) + + +Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. + + +- [Live-Hack-CVE/CVE-2022-28892](https://github.com/Live-Hack-CVE/CVE-2022-28892) ### CVE-2022-28943 - [zhefox/CVE-2022-28943](https://github.com/zhefox/CVE-2022-28943) @@ -4587,13 +4827,13 @@ Multiple SQL injection vulnerabilities via the username and password parameters - [tiktb8/CVE-2022-29072](https://github.com/tiktb8/CVE-2022-29072) - [sentinelblue/CVE-2022-29072](https://github.com/sentinelblue/CVE-2022-29072) -### CVE-2022-29218 (2022-05-12) +### CVE-2022-29078 (2022-04-25) -RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue. +The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). -- [Live-Hack-CVE/CVE-2022-29218](https://github.com/Live-Hack-CVE/CVE-2022-29218) +- [Live-Hack-CVE/CVE-2022-29078](https://github.com/Live-Hack-CVE/CVE-2022-29078) ### CVE-2022-29221 (2022-05-24) @@ -4603,62 +4843,6 @@ Smarty is a template engine for PHP, facilitating the separation of presentation - [sbani/CVE-2022-29221-PoC](https://github.com/sbani/CVE-2022-29221-PoC) -### CVE-2022-29248 (2022-05-25) - - -Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. - - -- [Live-Hack-CVE/CVE-2022-29248](https://github.com/Live-Hack-CVE/CVE-2022-29248) - -### CVE-2022-29275 (2022-11-15) - - -In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 - - -- [Live-Hack-CVE/CVE-2022-29275](https://github.com/Live-Hack-CVE/CVE-2022-29275) - -### CVE-2022-29276 (2022-11-15) - - -SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059 - - -- [Live-Hack-CVE/CVE-2022-29276](https://github.com/Live-Hack-CVE/CVE-2022-29276) - -### CVE-2022-29277 (2022-11-15) - - -Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 - - -- [Live-Hack-CVE/CVE-2022-29277](https://github.com/Live-Hack-CVE/CVE-2022-29277) - -### CVE-2022-29278 (2022-11-15) - - -Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 - - -- [Live-Hack-CVE/CVE-2022-29278](https://github.com/Live-Hack-CVE/CVE-2022-29278) - -### CVE-2022-29279 (2022-11-15) - - -Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 - - -- [Live-Hack-CVE/CVE-2022-29279](https://github.com/Live-Hack-CVE/CVE-2022-29279) - -### CVE-2022-29281 (2022-04-15) - - -Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). - - -- [Live-Hack-CVE/CVE-2022-29281](https://github.com/Live-Hack-CVE/CVE-2022-29281) - ### CVE-2022-29303 (2022-05-12) @@ -4701,6 +4885,14 @@ DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elem - [GULL2100/Wordpress_xss-CVE-2022-29455](https://github.com/GULL2100/Wordpress_xss-CVE-2022-29455) +### CVE-2022-29458 (2022-04-18) + + +ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. + + +- [Live-Hack-CVE/CVE-2022-29458](https://github.com/Live-Hack-CVE/CVE-2022-29458) + ### CVE-2022-29464 (2022-04-18) @@ -4724,6 +4916,38 @@ Certain WSO2 products allow unrestricted file upload with resultant remote code - [jimidk/Better-CVE-2022-29464](https://github.com/jimidk/Better-CVE-2022-29464) - [electr0lulz/Mass-exploit-CVE-2022-29464](https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464) +### CVE-2022-29466 (2022-11-11) + + +Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2022-29466](https://github.com/Live-Hack-CVE/CVE-2022-29466) + +### CVE-2022-29481 (2022-11-09) + + +A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. + + +- [Live-Hack-CVE/CVE-2022-29481](https://github.com/Live-Hack-CVE/CVE-2022-29481) + +### CVE-2022-29486 (2022-11-11) + + +Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. + + +- [Live-Hack-CVE/CVE-2022-29486](https://github.com/Live-Hack-CVE/CVE-2022-29486) + +### CVE-2022-29515 (2022-11-11) + + +Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2022-29515](https://github.com/Live-Hack-CVE/CVE-2022-29515) + ### CVE-2022-29548 (2022-04-20) @@ -4731,7 +4955,6 @@ A reflected XSS issue exists in the Management Console of several WSO2 products. - [cxosmo/CVE-2022-29548](https://github.com/cxosmo/CVE-2022-29548) -- [Live-Hack-CVE/CVE-2022-29548](https://github.com/Live-Hack-CVE/CVE-2022-29548) ### CVE-2022-29551 - [ComparedArray/printix-CVE-2022-29551](https://github.com/ComparedArray/printix-CVE-2022-29551) @@ -4769,6 +4992,14 @@ Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an re - [TheGetch/CVE-2022-29598](https://github.com/TheGetch/CVE-2022-29598) +### CVE-2022-29620 (2022-06-07) + + +** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability. + + +- [Live-Hack-CVE/CVE-2022-29620](https://github.com/Live-Hack-CVE/CVE-2022-29620) + ### CVE-2022-29622 (2022-05-16) @@ -4785,77 +5016,13 @@ An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to - [TyeYeah/DIR-890L-1.20-RCE](https://github.com/TyeYeah/DIR-890L-1.20-RCE) -### CVE-2022-29825 (2022-11-24) +### CVE-2022-29824 (2022-05-02) -Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. +In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. -- [Live-Hack-CVE/CVE-2022-29825](https://github.com/Live-Hack-CVE/CVE-2022-29825) - -### CVE-2022-29826 (2022-11-24) - - -Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. - - -- [Live-Hack-CVE/CVE-2022-29826](https://github.com/Live-Hack-CVE/CVE-2022-29826) - -### CVE-2022-29827 (2022-11-24) - - -Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. - - -- [Live-Hack-CVE/CVE-2022-29827](https://github.com/Live-Hack-CVE/CVE-2022-29827) - -### CVE-2022-29828 (2022-11-24) - - -Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. - - -- [Live-Hack-CVE/CVE-2022-29828](https://github.com/Live-Hack-CVE/CVE-2022-29828) - -### CVE-2022-29829 (2022-11-24) - - -Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information . As a result, unauthorized users may view or execute programs illegally. - - -- [Live-Hack-CVE/CVE-2022-29829](https://github.com/Live-Hack-CVE/CVE-2022-29829) - -### CVE-2022-29830 (2022-11-24) - - -Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. - - -- [Live-Hack-CVE/CVE-2022-29830](https://github.com/Live-Hack-CVE/CVE-2022-29830) - -### CVE-2022-29831 (2022-11-24) - - -Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. - - -- [Live-Hack-CVE/CVE-2022-29831](https://github.com/Live-Hack-CVE/CVE-2022-29831) - -### CVE-2022-29832 (2022-11-24) - - -Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules. - - -- [Live-Hack-CVE/CVE-2022-29832](https://github.com/Live-Hack-CVE/CVE-2022-29832) - -### CVE-2022-29833 (2022-11-24) - - -Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illgally. - - -- [Live-Hack-CVE/CVE-2022-29833](https://github.com/Live-Hack-CVE/CVE-2022-29833) +- [Live-Hack-CVE/CVE-2022-29824](https://github.com/Live-Hack-CVE/CVE-2022-29824) ### CVE-2022-29885 (2022-05-12) @@ -4864,14 +5031,23 @@ The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20 - [quynhlab/CVE-2022-29885](https://github.com/quynhlab/CVE-2022-29885) +- [Live-Hack-CVE/CVE-2022-29885](https://github.com/Live-Hack-CVE/CVE-2022-29885) -### CVE-2022-29930 (2022-05-12) +### CVE-2022-29888 (2022-11-09) -SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. +A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. -- [Live-Hack-CVE/CVE-2022-29930](https://github.com/Live-Hack-CVE/CVE-2022-29930) +- [Live-Hack-CVE/CVE-2022-29888](https://github.com/Live-Hack-CVE/CVE-2022-29888) + +### CVE-2022-29893 (2022-11-11) + + +Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. + + +- [Live-Hack-CVE/CVE-2022-29893](https://github.com/Live-Hack-CVE/CVE-2022-29893) ### CVE-2022-29932 (2022-05-11) @@ -4881,6 +5057,14 @@ The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenti - [Off3nS3c/CVE-2022-29932](https://github.com/Off3nS3c/CVE-2022-29932) +### CVE-2022-29959 (2022-08-16) + + +Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. + + +- [Live-Hack-CVE/CVE-2022-29959](https://github.com/Live-Hack-CVE/CVE-2022-29959) + ### CVE-2022-29968 (2022-05-02) @@ -4889,6 +5073,14 @@ An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in f - [jprx/CVE-2022-29968](https://github.com/jprx/CVE-2022-29968) +### CVE-2022-29970 (2022-05-02) + + +Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. + + +- [Live-Hack-CVE/CVE-2022-29970](https://github.com/Live-Hack-CVE/CVE-2022-29970) + ### CVE-2022-30006 - [ComparedArray/printix-CVE-2022-30006](https://github.com/ComparedArray/printix-CVE-2022-30006) @@ -4992,38 +5184,6 @@ Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerabi - [ethicalblue/Follina-CVE-2022-30190-Sample](https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample) - [Gra3s/CVE-2022-30190-Follina-PowerPoint-Version](https://github.com/Gra3s/CVE-2022-30190-Follina-PowerPoint-Version) -### CVE-2022-30256 (2022-11-18) - - -An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. - - -- [Live-Hack-CVE/CVE-2022-30256](https://github.com/Live-Hack-CVE/CVE-2022-30256) - -### CVE-2022-30257 (2022-11-21) - - -An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. - - -- [Live-Hack-CVE/CVE-2022-30257](https://github.com/Live-Hack-CVE/CVE-2022-30257) - -### CVE-2022-30258 (2022-11-21) - - -An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. - - -- [Live-Hack-CVE/CVE-2022-30258](https://github.com/Live-Hack-CVE/CVE-2022-30258) - -### CVE-2022-30283 (2022-11-15) - - -In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063 - - -- [Live-Hack-CVE/CVE-2022-30283](https://github.com/Live-Hack-CVE/CVE-2022-30283) - ### CVE-2022-30292 (2022-05-04) @@ -5032,6 +5192,14 @@ Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a cer - [sprushed/CVE-2022-30292](https://github.com/sprushed/CVE-2022-30292) +### CVE-2022-30297 (2022-11-11) + + +Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-30297](https://github.com/Live-Hack-CVE/CVE-2022-30297) + ### CVE-2022-30321 (2022-05-25) @@ -5056,6 +5224,30 @@ go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP - [Live-Hack-CVE/CVE-2022-30323](https://github.com/Live-Hack-CVE/CVE-2022-30323) +### CVE-2022-30331 (2022-09-05) + + +** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected." + + +- [Live-Hack-CVE/CVE-2022-30331](https://github.com/Live-Hack-CVE/CVE-2022-30331) + +### CVE-2022-30459 (2022-05-24) + + +ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. + + +- [Live-Hack-CVE/CVE-2022-30459](https://github.com/Live-Hack-CVE/CVE-2022-30459) + +### CVE-2022-30464 (2022-05-24) + + +ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. + + +- [Live-Hack-CVE/CVE-2022-30464](https://github.com/Live-Hack-CVE/CVE-2022-30464) + ### CVE-2022-30489 (2022-05-13) @@ -5105,6 +5297,14 @@ School Dormitory Management System v1.0 is vulnerable to reflected cross-site sc - [bigzooooz/CVE-2022-30514](https://github.com/bigzooooz/CVE-2022-30514) +### CVE-2022-30515 (2022-11-08) + + +ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. + + +- [Live-Hack-CVE/CVE-2022-30515](https://github.com/Live-Hack-CVE/CVE-2022-30515) + ### CVE-2022-30525 (2022-05-12) @@ -5126,21 +5326,37 @@ A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) - [furkanzengin/CVE-2022-30525](https://github.com/furkanzengin/CVE-2022-30525) - [ProngedFork/CVE-2022-30525](https://github.com/ProngedFork/CVE-2022-30525) -### CVE-2022-30528 (2022-12-01) +### CVE-2022-30542 (2022-11-11) -SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. +Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-30528](https://github.com/Live-Hack-CVE/CVE-2022-30528) +- [Live-Hack-CVE/CVE-2022-30542](https://github.com/Live-Hack-CVE/CVE-2022-30542) -### CVE-2022-30529 (2022-11-21) +### CVE-2022-30543 (2022-11-09) -File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. +A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. -- [Live-Hack-CVE/CVE-2022-30529](https://github.com/Live-Hack-CVE/CVE-2022-30529) +- [Live-Hack-CVE/CVE-2022-30543](https://github.com/Live-Hack-CVE/CVE-2022-30543) + +### CVE-2022-30545 (2022-11-08) + + +Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. + + +- [Live-Hack-CVE/CVE-2022-30545](https://github.com/Live-Hack-CVE/CVE-2022-30545) + +### CVE-2022-30548 (2022-11-11) + + +Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-30548](https://github.com/Live-Hack-CVE/CVE-2022-30548) ### CVE-2022-30591 (2022-07-06) @@ -5150,21 +5366,53 @@ File upload vulnerability in asith-eranga ISIC tour booking through version publ - [efchatz/QUIC-attacks](https://github.com/efchatz/QUIC-attacks) -### CVE-2022-30771 (2022-11-15) +### CVE-2022-30674 (2022-09-16) -Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064 +Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. -- [Live-Hack-CVE/CVE-2022-30771](https://github.com/Live-Hack-CVE/CVE-2022-30771) +- [Live-Hack-CVE/CVE-2022-30674](https://github.com/Live-Hack-CVE/CVE-2022-30674) -### CVE-2022-30772 (2022-11-15) +### CVE-2022-30691 (2022-11-11) -Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 +Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. -- [Live-Hack-CVE/CVE-2022-30772](https://github.com/Live-Hack-CVE/CVE-2022-30772) +- [Live-Hack-CVE/CVE-2022-30691](https://github.com/Live-Hack-CVE/CVE-2022-30691) + +### CVE-2022-30768 (2022-11-15) + + +A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method. + + +- [Live-Hack-CVE/CVE-2022-30768](https://github.com/Live-Hack-CVE/CVE-2022-30768) + +### CVE-2022-30769 (2022-11-15) + + +Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. + + +- [Live-Hack-CVE/CVE-2022-30769](https://github.com/Live-Hack-CVE/CVE-2022-30769) + +### CVE-2022-30773 (2022-11-14) + + +DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 + + +- [Live-Hack-CVE/CVE-2022-30773](https://github.com/Live-Hack-CVE/CVE-2022-30773) + +### CVE-2022-30774 (2022-11-14) + + +DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043 + + +- [Live-Hack-CVE/CVE-2022-30774](https://github.com/Live-Hack-CVE/CVE-2022-30774) ### CVE-2022-30778 - [kang8/CVE-2022-30778](https://github.com/kang8/CVE-2022-30778) @@ -5184,78 +5432,71 @@ Gitea before 1.16.7 does not escape git fetch remote. - [wuhan005/CVE-2022-30781](https://github.com/wuhan005/CVE-2022-30781) +- [Live-Hack-CVE/CVE-2022-30781](https://github.com/Live-Hack-CVE/CVE-2022-30781) -### CVE-2022-31003 (2022-05-31) +### CVE-2022-30875 (2022-06-08) -Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. +Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. -- [Live-Hack-CVE/CVE-2022-31003](https://github.com/Live-Hack-CVE/CVE-2022-31003) +- [Live-Hack-CVE/CVE-2022-30875](https://github.com/Live-Hack-CVE/CVE-2022-30875) -### CVE-2022-31030 (2022-06-06) +### CVE-2022-30945 (2022-05-17) -containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. +Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. -- [Live-Hack-CVE/CVE-2022-31030](https://github.com/Live-Hack-CVE/CVE-2022-31030) +- [Live-Hack-CVE/CVE-2022-30945](https://github.com/Live-Hack-CVE/CVE-2022-30945) -### CVE-2022-31033 (2022-06-09) +### CVE-2022-30952 (2022-05-17) -The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. +Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. -- [Live-Hack-CVE/CVE-2022-31033](https://github.com/Live-Hack-CVE/CVE-2022-31033) +- [Live-Hack-CVE/CVE-2022-30952](https://github.com/Live-Hack-CVE/CVE-2022-30952) -### CVE-2022-31042 (2022-06-09) +### CVE-2022-31001 (2022-05-31) -Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. +Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. -- [Live-Hack-CVE/CVE-2022-31042](https://github.com/Live-Hack-CVE/CVE-2022-31042) +- [Live-Hack-CVE/CVE-2022-31001](https://github.com/Live-Hack-CVE/CVE-2022-31001) -### CVE-2022-31043 (2022-06-09) +### CVE-2022-31002 (2022-05-31) -Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required. +Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. -- [Live-Hack-CVE/CVE-2022-31043](https://github.com/Live-Hack-CVE/CVE-2022-31043) +- [Live-Hack-CVE/CVE-2022-31002](https://github.com/Live-Hack-CVE/CVE-2022-31002) -### CVE-2022-31091 (2022-06-27) +### CVE-2022-31031 (2022-06-07) -Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together. +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. -- [Live-Hack-CVE/CVE-2022-31091](https://github.com/Live-Hack-CVE/CVE-2022-31091) +- [Live-Hack-CVE/CVE-2022-31031](https://github.com/Live-Hack-CVE/CVE-2022-31031) -### CVE-2022-31097 (2022-07-15) +### CVE-2022-31199 (2022-11-07) -Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. +Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors. -- [Live-Hack-CVE/CVE-2022-31097](https://github.com/Live-Hack-CVE/CVE-2022-31097) +- [Live-Hack-CVE/CVE-2022-31199](https://github.com/Live-Hack-CVE/CVE-2022-31199) -### CVE-2022-31123 (2022-10-13) +### CVE-2022-31243 (2022-11-14) -Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. +Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044 -- [Live-Hack-CVE/CVE-2022-31123](https://github.com/Live-Hack-CVE/CVE-2022-31123) - -### CVE-2022-31197 (2022-08-03) - - -PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-31197](https://github.com/Live-Hack-CVE/CVE-2022-31197) +- [Live-Hack-CVE/CVE-2022-31243](https://github.com/Live-Hack-CVE/CVE-2022-31243) ### CVE-2022-31245 (2022-05-20) @@ -5265,6 +5506,30 @@ mailcow before 2022-05d allows a remote authenticated user to inject OS commands - [ly1g3/Mailcow-CVE-2022-31245](https://github.com/ly1g3/Mailcow-CVE-2022-31245) +### CVE-2022-31250 (2022-07-20) + + +A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. + + +- [Live-Hack-CVE/CVE-2022-31250](https://github.com/Live-Hack-CVE/CVE-2022-31250) + +### CVE-2022-31253 (2022-11-09) + + +A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. + + +- [Live-Hack-CVE/CVE-2022-31253](https://github.com/Live-Hack-CVE/CVE-2022-31253) + +### CVE-2022-31255 (2022-11-10) + + +An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. + + +- [Live-Hack-CVE/CVE-2022-31255](https://github.com/Live-Hack-CVE/CVE-2022-31255) + ### CVE-2022-31294 (2022-06-16) @@ -5324,14 +5589,6 @@ Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnera - [bigzooooz/CVE-2022-31301](https://github.com/bigzooooz/CVE-2022-31301) -### CVE-2022-31325 (2022-06-08) - - -There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. - - -- [Live-Hack-CVE/CVE-2022-31325](https://github.com/Live-Hack-CVE/CVE-2022-31325) - ### CVE-2022-31402 (2022-06-10) @@ -5348,120 +5605,72 @@ ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability - [IbrahimEkimIsik/CVE-2022-31403](https://github.com/IbrahimEkimIsik/CVE-2022-31403) -### CVE-2022-31606 (2022-11-18) +### CVE-2022-31676 (2022-08-23) -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. +VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. -- [Live-Hack-CVE/CVE-2022-31606](https://github.com/Live-Hack-CVE/CVE-2022-31606) +- [Live-Hack-CVE/CVE-2022-31676](https://github.com/Live-Hack-CVE/CVE-2022-31676) -### CVE-2022-31607 (2022-11-18) +### CVE-2022-31685 (2022-11-09) -NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. +VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. -- [Live-Hack-CVE/CVE-2022-31607](https://github.com/Live-Hack-CVE/CVE-2022-31607) +- [Live-Hack-CVE/CVE-2022-31685](https://github.com/Live-Hack-CVE/CVE-2022-31685) -### CVE-2022-31608 (2022-11-18) +### CVE-2022-31686 (2022-11-09) -NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. +VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. -- [Live-Hack-CVE/CVE-2022-31608](https://github.com/Live-Hack-CVE/CVE-2022-31608) +- [Live-Hack-CVE/CVE-2022-31686](https://github.com/Live-Hack-CVE/CVE-2022-31686) -### CVE-2022-31610 (2022-11-18) +### CVE-2022-31687 (2022-11-09) -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. +VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. -- [Live-Hack-CVE/CVE-2022-31610](https://github.com/Live-Hack-CVE/CVE-2022-31610) +- [Live-Hack-CVE/CVE-2022-31687](https://github.com/Live-Hack-CVE/CVE-2022-31687) -### CVE-2022-31612 (2022-11-18) +### CVE-2022-31688 (2022-11-09) -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. +VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. -- [Live-Hack-CVE/CVE-2022-31612](https://github.com/Live-Hack-CVE/CVE-2022-31612) +- [Live-Hack-CVE/CVE-2022-31688](https://github.com/Live-Hack-CVE/CVE-2022-31688) -### CVE-2022-31613 (2022-11-18) +### CVE-2022-31689 (2022-11-09) -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. +VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. -- [Live-Hack-CVE/CVE-2022-31613](https://github.com/Live-Hack-CVE/CVE-2022-31613) +- [Live-Hack-CVE/CVE-2022-31689](https://github.com/Live-Hack-CVE/CVE-2022-31689) -### CVE-2022-31615 (2022-11-18) +### CVE-2022-31691 (2022-11-04) -NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. +Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. -- [Live-Hack-CVE/CVE-2022-31615](https://github.com/Live-Hack-CVE/CVE-2022-31615) - -### CVE-2022-31616 (2022-11-18) - - -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. - - -- [Live-Hack-CVE/CVE-2022-31616](https://github.com/Live-Hack-CVE/CVE-2022-31616) - -### CVE-2022-31617 (2022-11-18) - - -NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. - - -- [Live-Hack-CVE/CVE-2022-31617](https://github.com/Live-Hack-CVE/CVE-2022-31617) - -### CVE-2022-31649 (2022-06-08) - - -ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. - - -- [Live-Hack-CVE/CVE-2022-31649](https://github.com/Live-Hack-CVE/CVE-2022-31649) - -### CVE-2022-31694 (2022-11-18) - - -InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. - - -- [Live-Hack-CVE/CVE-2022-31694](https://github.com/Live-Hack-CVE/CVE-2022-31694) +- [Live-Hack-CVE/CVE-2022-31691](https://github.com/Live-Hack-CVE/CVE-2022-31691) ### CVE-2022-31749 - [jbaines-r7/hook](https://github.com/jbaines-r7/hook) -### CVE-2022-31777 (2022-11-01) +### CVE-2022-31772 (2022-11-11) -A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. +IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. -- [Live-Hack-CVE/CVE-2022-31777](https://github.com/Live-Hack-CVE/CVE-2022-31777) - -### CVE-2022-31779 (2022-08-10) - - -Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. - - -- [Live-Hack-CVE/CVE-2022-31779](https://github.com/Live-Hack-CVE/CVE-2022-31779) - -### CVE-2022-31877 (2022-11-28) - - -An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. - - -- [Live-Hack-CVE/CVE-2022-31877](https://github.com/Live-Hack-CVE/CVE-2022-31877) +- [Live-Hack-CVE/CVE-2022-31772](https://github.com/Live-Hack-CVE/CVE-2022-31772) ### CVE-2022-31983 (2022-06-01) @@ -5479,14 +5688,6 @@ Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/a - [heavenswill/CVE-2022-32013](https://github.com/heavenswill/CVE-2022-32013) -### CVE-2022-32060 (2022-07-07) - - -An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. - - -- [Live-Hack-CVE/CVE-2022-32060](https://github.com/Live-Hack-CVE/CVE-2022-32060) - ### CVE-2022-32114 (2022-07-13) @@ -5511,37 +5712,45 @@ Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file uploa - [JC175/CVE-2022-32119](https://github.com/JC175/CVE-2022-32119) -### CVE-2022-32212 (2022-07-14) +### CVE-2022-32156 (2022-06-15) -A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. +In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High. -- [Live-Hack-CVE/CVE-2022-32212](https://github.com/Live-Hack-CVE/CVE-2022-32212) +- [Live-Hack-CVE/CVE-2022-32156](https://github.com/Live-Hack-CVE/CVE-2022-32156) -### CVE-2022-32213 (2022-07-14) +### CVE-2022-32177 (2022-10-14) -The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). +In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. -- [Live-Hack-CVE/CVE-2022-32213](https://github.com/Live-Hack-CVE/CVE-2022-32213) +- [Live-Hack-CVE/CVE-2022-32177](https://github.com/Live-Hack-CVE/CVE-2022-32177) -### CVE-2022-32215 (2022-07-14) +### CVE-2022-32266 (2022-11-14) -The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). +DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. -- [Live-Hack-CVE/CVE-2022-32215](https://github.com/Live-Hack-CVE/CVE-2022-32215) +- [Live-Hack-CVE/CVE-2022-32266](https://github.com/Live-Hack-CVE/CVE-2022-32266) -### CVE-2022-32511 (2022-06-06) +### CVE-2022-32267 (2022-11-14) -jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. +DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046 -- [Live-Hack-CVE/CVE-2022-32511](https://github.com/Live-Hack-CVE/CVE-2022-32511) +- [Live-Hack-CVE/CVE-2022-32267](https://github.com/Live-Hack-CVE/CVE-2022-32267) + +### CVE-2022-32268 (2022-06-03) + + +StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. + + +- [Live-Hack-CVE/CVE-2022-32268](https://github.com/Live-Hack-CVE/CVE-2022-32268) ### CVE-2022-32532 (2022-06-28) @@ -5551,29 +5760,221 @@ Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypa - [Lay0us1/CVE-2022-32532](https://github.com/Lay0us1/CVE-2022-32532) -### CVE-2022-32774 (2022-11-21) +### CVE-2022-32569 (2022-11-11) -A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. +Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-32774](https://github.com/Live-Hack-CVE/CVE-2022-32774) +- [Live-Hack-CVE/CVE-2022-32569](https://github.com/Live-Hack-CVE/CVE-2022-32569) -### CVE-2022-32966 (2022-11-28) +### CVE-2022-32587 (2022-11-08) -RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. +Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. -- [Live-Hack-CVE/CVE-2022-32966](https://github.com/Live-Hack-CVE/CVE-2022-32966) +- [Live-Hack-CVE/CVE-2022-32587](https://github.com/Live-Hack-CVE/CVE-2022-32587) -### CVE-2022-32967 (2022-11-28) +### CVE-2022-32588 (2022-11-09) -RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. +An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. -- [Live-Hack-CVE/CVE-2022-32967](https://github.com/Live-Hack-CVE/CVE-2022-32967) +- [Live-Hack-CVE/CVE-2022-32588](https://github.com/Live-Hack-CVE/CVE-2022-32588) + +### CVE-2022-32601 (2022-11-08) + + +In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. + + +- [Live-Hack-CVE/CVE-2022-32601](https://github.com/Live-Hack-CVE/CVE-2022-32601) + +### CVE-2022-32602 (2022-11-08) + + +In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. + + +- [Live-Hack-CVE/CVE-2022-32602](https://github.com/Live-Hack-CVE/CVE-2022-32602) + +### CVE-2022-32603 (2022-11-08) + + +In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. + + +- [Live-Hack-CVE/CVE-2022-32603](https://github.com/Live-Hack-CVE/CVE-2022-32603) + +### CVE-2022-32605 (2022-11-08) + + +In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. + + +- [Live-Hack-CVE/CVE-2022-32605](https://github.com/Live-Hack-CVE/CVE-2022-32605) + +### CVE-2022-32607 (2022-11-08) + + +In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. + + +- [Live-Hack-CVE/CVE-2022-32607](https://github.com/Live-Hack-CVE/CVE-2022-32607) + +### CVE-2022-32608 (2022-11-08) + + +In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. + + +- [Live-Hack-CVE/CVE-2022-32608](https://github.com/Live-Hack-CVE/CVE-2022-32608) + +### CVE-2022-32609 (2022-11-08) + + +In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. + + +- [Live-Hack-CVE/CVE-2022-32609](https://github.com/Live-Hack-CVE/CVE-2022-32609) + +### CVE-2022-32610 (2022-11-08) + + +In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. + + +- [Live-Hack-CVE/CVE-2022-32610](https://github.com/Live-Hack-CVE/CVE-2022-32610) + +### CVE-2022-32611 (2022-11-08) + + +In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. + + +- [Live-Hack-CVE/CVE-2022-32611](https://github.com/Live-Hack-CVE/CVE-2022-32611) + +### CVE-2022-32612 (2022-11-08) + + +In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. + + +- [Live-Hack-CVE/CVE-2022-32612](https://github.com/Live-Hack-CVE/CVE-2022-32612) + +### CVE-2022-32613 (2022-11-08) + + +In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. + + +- [Live-Hack-CVE/CVE-2022-32613](https://github.com/Live-Hack-CVE/CVE-2022-32613) + +### CVE-2022-32614 (2022-11-08) + + +In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. + + +- [Live-Hack-CVE/CVE-2022-32614](https://github.com/Live-Hack-CVE/CVE-2022-32614) + +### CVE-2022-32615 (2022-11-08) + + +In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. + + +- [Live-Hack-CVE/CVE-2022-32615](https://github.com/Live-Hack-CVE/CVE-2022-32615) + +### CVE-2022-32616 (2022-11-08) + + +In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. + + +- [Live-Hack-CVE/CVE-2022-32616](https://github.com/Live-Hack-CVE/CVE-2022-32616) + +### CVE-2022-32617 (2022-11-08) + + +In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. + + +- [Live-Hack-CVE/CVE-2022-32617](https://github.com/Live-Hack-CVE/CVE-2022-32617) + +### CVE-2022-32618 (2022-11-08) + + +In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. + + +- [Live-Hack-CVE/CVE-2022-32618](https://github.com/Live-Hack-CVE/CVE-2022-32618) + +### CVE-2022-32776 (2022-11-08) + + +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. + + +- [Live-Hack-CVE/CVE-2022-32776](https://github.com/Live-Hack-CVE/CVE-2022-32776) + +### CVE-2022-32814 (2022-09-23) + + +A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. + + +- [Live-Hack-CVE/CVE-2022-32814](https://github.com/Live-Hack-CVE/CVE-2022-32814) + +### CVE-2022-32827 (2022-11-01) + + +A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. + + +- [Live-Hack-CVE/CVE-2022-32827](https://github.com/Live-Hack-CVE/CVE-2022-32827) + +### CVE-2022-32849 (2022-09-23) + + +An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. + + +- [Live-Hack-CVE/CVE-2022-32849](https://github.com/Live-Hack-CVE/CVE-2022-32849) + +### CVE-2022-32854 (2022-09-20) + + +This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. + + +- [Live-Hack-CVE/CVE-2022-32854](https://github.com/Live-Hack-CVE/CVE-2022-32854) + +### CVE-2022-32888 (2022-11-01) + + +An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2022-32888](https://github.com/Live-Hack-CVE/CVE-2022-32888) + +### CVE-2022-32907 (2022-11-01) + + +This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. + + +- [Live-Hack-CVE/CVE-2022-32907](https://github.com/Live-Hack-CVE/CVE-2022-32907) + +### CVE-2022-32923 (2022-11-01) + + +A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. + + +- [Live-Hack-CVE/CVE-2022-32923](https://github.com/Live-Hack-CVE/CVE-2022-32923) ### CVE-2022-32988 (2022-06-30) @@ -5583,45 +5984,165 @@ Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 - [FedericoHeichou/CVE-2022-32988](https://github.com/FedericoHeichou/CVE-2022-32988) -### CVE-2022-33012 (2022-11-22) +### CVE-2022-33176 (2022-11-11) -Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. +Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-33012](https://github.com/Live-Hack-CVE/CVE-2022-33012) +- [Live-Hack-CVE/CVE-2022-33176](https://github.com/Live-Hack-CVE/CVE-2022-33176) -### CVE-2022-33321 (2022-11-08) +### CVE-2022-33234 (2022-11-15) -Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. +Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables -- [Live-Hack-CVE/CVE-2022-33321](https://github.com/Live-Hack-CVE/CVE-2022-33321) +- [Live-Hack-CVE/CVE-2022-33234](https://github.com/Live-Hack-CVE/CVE-2022-33234) -### CVE-2022-33322 (2022-11-08) +### CVE-2022-33236 (2022-11-15) -Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. +Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking -- [Live-Hack-CVE/CVE-2022-33322](https://github.com/Live-Hack-CVE/CVE-2022-33322) +- [Live-Hack-CVE/CVE-2022-33236](https://github.com/Live-Hack-CVE/CVE-2022-33236) -### CVE-2022-33890 (2022-10-03) +### CVE-2022-33237 (2022-11-15) -A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. +Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking -- [Live-Hack-CVE/CVE-2022-33890](https://github.com/Live-Hack-CVE/CVE-2022-33890) +- [Live-Hack-CVE/CVE-2022-33237](https://github.com/Live-Hack-CVE/CVE-2022-33237) -### CVE-2022-34169 (2022-07-19) +### CVE-2022-33239 (2022-11-15) -The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. +Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking -- [Live-Hack-CVE/CVE-2022-34169](https://github.com/Live-Hack-CVE/CVE-2022-34169) +- [Live-Hack-CVE/CVE-2022-33239](https://github.com/Live-Hack-CVE/CVE-2022-33239) + +### CVE-2022-33639 (2022-06-29) + + +Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. + + +- [Live-Hack-CVE/CVE-2022-33639](https://github.com/Live-Hack-CVE/CVE-2022-33639) + +### CVE-2022-33684 (2022-11-04) + + +The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. + + +- [Live-Hack-CVE/CVE-2022-33684](https://github.com/Live-Hack-CVE/CVE-2022-33684) + +### CVE-2022-33905 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 + + +- [Live-Hack-CVE/CVE-2022-33905](https://github.com/Live-Hack-CVE/CVE-2022-33905) + +### CVE-2022-33907 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049 + + +- [Live-Hack-CVE/CVE-2022-33907](https://github.com/Live-Hack-CVE/CVE-2022-33907) + +### CVE-2022-33908 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050 + + +- [Live-Hack-CVE/CVE-2022-33908](https://github.com/Live-Hack-CVE/CVE-2022-33908) + +### CVE-2022-33909 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051 + + +- [Live-Hack-CVE/CVE-2022-33909](https://github.com/Live-Hack-CVE/CVE-2022-33909) + +### CVE-2022-33942 (2022-11-11) + + +Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. + + +- [Live-Hack-CVE/CVE-2022-33942](https://github.com/Live-Hack-CVE/CVE-2022-33942) + +### CVE-2022-33973 (2022-11-11) + + +Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. + + +- [Live-Hack-CVE/CVE-2022-33973](https://github.com/Live-Hack-CVE/CVE-2022-33973) + +### CVE-2022-33982 (2022-11-14) + + +DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367 + + +- [Live-Hack-CVE/CVE-2022-33982](https://github.com/Live-Hack-CVE/CVE-2022-33982) + +### CVE-2022-33983 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053 + + +- [Live-Hack-CVE/CVE-2022-33983](https://github.com/Live-Hack-CVE/CVE-2022-33983) + +### CVE-2022-33984 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 + + +- [Live-Hack-CVE/CVE-2022-33984](https://github.com/Live-Hack-CVE/CVE-2022-33984) + +### CVE-2022-33985 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055 + + +- [Live-Hack-CVE/CVE-2022-33985](https://github.com/Live-Hack-CVE/CVE-2022-33985) + +### CVE-2022-33986 (2022-11-14) + + +DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 + + +- [Live-Hack-CVE/CVE-2022-33986](https://github.com/Live-Hack-CVE/CVE-2022-33986) + +### CVE-2022-34000 (2022-06-19) + + +libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. + + +- [Live-Hack-CVE/CVE-2022-34000](https://github.com/Live-Hack-CVE/CVE-2022-34000) + +### CVE-2022-34152 (2022-11-11) + + +Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2022-34152](https://github.com/Live-Hack-CVE/CVE-2022-34152) ### CVE-2022-34298 (2022-06-22) @@ -5639,29 +6160,101 @@ In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 - [zeroc00I/CVE-2022-34305](https://github.com/zeroc00I/CVE-2022-34305) -### CVE-2022-34526 (2022-07-29) +### CVE-2022-34312 (2022-11-14) -A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. +IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. -- [Live-Hack-CVE/CVE-2022-34526](https://github.com/Live-Hack-CVE/CVE-2022-34526) +- [Live-Hack-CVE/CVE-2022-34312](https://github.com/Live-Hack-CVE/CVE-2022-34312) -### CVE-2022-34654 (2022-11-28) +### CVE-2022-34313 (2022-11-14) -Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. +IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. -- [Live-Hack-CVE/CVE-2022-34654](https://github.com/Live-Hack-CVE/CVE-2022-34654) +- [Live-Hack-CVE/CVE-2022-34313](https://github.com/Live-Hack-CVE/CVE-2022-34313) -### CVE-2022-34665 (2022-11-18) +### CVE-2022-34314 (2022-11-14) -NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. +IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. -- [Live-Hack-CVE/CVE-2022-34665](https://github.com/Live-Hack-CVE/CVE-2022-34665) +- [Live-Hack-CVE/CVE-2022-34314](https://github.com/Live-Hack-CVE/CVE-2022-34314) + +### CVE-2022-34315 (2022-11-14) + + +IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. + + +- [Live-Hack-CVE/CVE-2022-34315](https://github.com/Live-Hack-CVE/CVE-2022-34315) + +### CVE-2022-34316 (2022-11-14) + + +IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. + + +- [Live-Hack-CVE/CVE-2022-34316](https://github.com/Live-Hack-CVE/CVE-2022-34316) + +### CVE-2022-34317 (2022-11-14) + + +IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. + + +- [Live-Hack-CVE/CVE-2022-34317](https://github.com/Live-Hack-CVE/CVE-2022-34317) + +### CVE-2022-34319 (2022-11-14) + + +IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. + + +- [Live-Hack-CVE/CVE-2022-34319](https://github.com/Live-Hack-CVE/CVE-2022-34319) + +### CVE-2022-34320 (2022-11-14) + + +IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. + + +- [Live-Hack-CVE/CVE-2022-34320](https://github.com/Live-Hack-CVE/CVE-2022-34320) + +### CVE-2022-34325 (2022-11-14) + + +DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by + + +- [Live-Hack-CVE/CVE-2022-34325](https://github.com/Live-Hack-CVE/CVE-2022-34325) + +### CVE-2022-34329 (2022-11-14) + + +IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. + + +- [Live-Hack-CVE/CVE-2022-34329](https://github.com/Live-Hack-CVE/CVE-2022-34329) + +### CVE-2022-34331 (2022-11-11) + + +After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. + + +- [Live-Hack-CVE/CVE-2022-34331](https://github.com/Live-Hack-CVE/CVE-2022-34331) + +### CVE-2022-34354 (2022-11-16) + + +IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. + + +- [Live-Hack-CVE/CVE-2022-34354](https://github.com/Live-Hack-CVE/CVE-2022-34354) ### CVE-2022-34666 (2022-11-10) @@ -5671,29 +6264,61 @@ NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the - [Live-Hack-CVE/CVE-2022-34666](https://github.com/Live-Hack-CVE/CVE-2022-34666) -### CVE-2022-34667 (2022-11-18) +### CVE-2022-34730 (2022-09-13) -NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. +Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734. -- [Live-Hack-CVE/CVE-2022-34667](https://github.com/Live-Hack-CVE/CVE-2022-34667) +- [Live-Hack-CVE/CVE-2022-34730](https://github.com/Live-Hack-CVE/CVE-2022-34730) -### CVE-2022-34827 (2022-11-18) +### CVE-2022-34732 (2022-09-13) -Carel Boss Mini 1.5.0 has Improper Access Control. +Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734. -- [Live-Hack-CVE/CVE-2022-34827](https://github.com/Live-Hack-CVE/CVE-2022-34827) +- [Live-Hack-CVE/CVE-2022-34732](https://github.com/Live-Hack-CVE/CVE-2022-34732) -### CVE-2022-34830 (2022-11-22) +### CVE-2022-34734 (2022-09-13) -An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. +Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732. -- [Live-Hack-CVE/CVE-2022-34830](https://github.com/Live-Hack-CVE/CVE-2022-34830) +- [Live-Hack-CVE/CVE-2022-34734](https://github.com/Live-Hack-CVE/CVE-2022-34734) + +### CVE-2022-34822 (2022-11-08) + + +Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2022-34822](https://github.com/Live-Hack-CVE/CVE-2022-34822) + +### CVE-2022-34823 (2022-11-08) + + +Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2022-34823](https://github.com/Live-Hack-CVE/CVE-2022-34823) + +### CVE-2022-34824 (2022-11-08) + + +Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2022-34824](https://github.com/Live-Hack-CVE/CVE-2022-34824) + +### CVE-2022-34825 (2022-11-08) + + +Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2022-34825](https://github.com/Live-Hack-CVE/CVE-2022-34825) ### CVE-2022-34961 (2022-07-25) @@ -5719,173 +6344,165 @@ OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contai - [bypazs/CVE-2022-34963](https://github.com/bypazs/CVE-2022-34963) -### CVE-2022-35014 (2022-08-29) +### CVE-2022-35276 (2022-11-11) -Advancecomp v2.3 contains a segmentation fault. +Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-35014](https://github.com/Live-Hack-CVE/CVE-2022-35014) +- [Live-Hack-CVE/CVE-2022-35276](https://github.com/Live-Hack-CVE/CVE-2022-35276) -### CVE-2022-35015 (2022-08-29) +### CVE-2022-35279 (2022-11-03) -Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. +"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." -- [Live-Hack-CVE/CVE-2022-35015](https://github.com/Live-Hack-CVE/CVE-2022-35015) +- [Live-Hack-CVE/CVE-2022-35279](https://github.com/Live-Hack-CVE/CVE-2022-35279) -### CVE-2022-35016 (2022-08-29) +### CVE-2022-35613 (2022-11-14) -Advancecomp v2.3 was discovered to contain a heap buffer overflow. +Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). -- [Live-Hack-CVE/CVE-2022-35016](https://github.com/Live-Hack-CVE/CVE-2022-35016) +- [Live-Hack-CVE/CVE-2022-35613](https://github.com/Live-Hack-CVE/CVE-2022-35613) -### CVE-2022-35017 (2022-08-29) +### CVE-2022-35719 (2022-11-14) -Advancecomp v2.3 was discovered to contain a heap buffer overflow. +IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. -- [Live-Hack-CVE/CVE-2022-35017](https://github.com/Live-Hack-CVE/CVE-2022-35017) +- [Live-Hack-CVE/CVE-2022-35719](https://github.com/Live-Hack-CVE/CVE-2022-35719) -### CVE-2022-35018 (2022-08-29) +### CVE-2022-35737 (2022-08-03) -Advancecomp v2.3 was discovered to contain a segmentation fault. +SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. -- [Live-Hack-CVE/CVE-2022-35018](https://github.com/Live-Hack-CVE/CVE-2022-35018) +- [Live-Hack-CVE/CVE-2022-35737](https://github.com/Live-Hack-CVE/CVE-2022-35737) -### CVE-2022-35019 (2022-08-29) +### CVE-2022-35740 (2022-11-10) -Advancecomp v2.3 was discovered to contain a segmentation fault. +dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS's path-based XSS prevention (such as "require login" filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS. -- [Live-Hack-CVE/CVE-2022-35019](https://github.com/Live-Hack-CVE/CVE-2022-35019) +- [Live-Hack-CVE/CVE-2022-35740](https://github.com/Live-Hack-CVE/CVE-2022-35740) -### CVE-2022-35020 (2022-08-29) +### CVE-2022-35812 (2022-08-09) -Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. +Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. -- [Live-Hack-CVE/CVE-2022-35020](https://github.com/Live-Hack-CVE/CVE-2022-35020) +- [Live-Hack-CVE/CVE-2022-35812](https://github.com/Live-Hack-CVE/CVE-2022-35812) -### CVE-2022-35407 (2022-11-21) +### CVE-2022-35837 (2022-09-13) -An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. +Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006. -- [Live-Hack-CVE/CVE-2022-35407](https://github.com/Live-Hack-CVE/CVE-2022-35407) +- [Live-Hack-CVE/CVE-2022-35837](https://github.com/Live-Hack-CVE/CVE-2022-35837) -### CVE-2022-35500 (2022-11-22) +### CVE-2022-35951 (2022-09-23) -Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. +Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. -- [Live-Hack-CVE/CVE-2022-35500](https://github.com/Live-Hack-CVE/CVE-2022-35500) +- [Live-Hack-CVE/CVE-2022-35951](https://github.com/Live-Hack-CVE/CVE-2022-35951) -### CVE-2022-35501 (2022-11-23) +### CVE-2022-36022 (2022-11-10) -Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. +Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here. -- [Live-Hack-CVE/CVE-2022-35501](https://github.com/Live-Hack-CVE/CVE-2022-35501) +- [Live-Hack-CVE/CVE-2022-36022](https://github.com/Live-Hack-CVE/CVE-2022-36022) -### CVE-2022-35897 (2022-11-21) +### CVE-2022-36067 (2022-09-06) -An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. +vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-35897](https://github.com/Live-Hack-CVE/CVE-2022-35897) +- [Live-Hack-CVE/CVE-2022-36067](https://github.com/Live-Hack-CVE/CVE-2022-36067) -### CVE-2022-36111 (2022-11-23) +### CVE-2022-36077 (2022-11-08) -immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1. +The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround. -- [Live-Hack-CVE/CVE-2022-36111](https://github.com/Live-Hack-CVE/CVE-2022-36111) +- [Live-Hack-CVE/CVE-2022-36077](https://github.com/Live-Hack-CVE/CVE-2022-36077) -### CVE-2022-36133 (2022-11-25) +### CVE-2022-36087 (2022-09-09) -The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. +OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-36133](https://github.com/Live-Hack-CVE/CVE-2022-36133) +- [Live-Hack-CVE/CVE-2022-36087](https://github.com/Live-Hack-CVE/CVE-2022-36087) -### CVE-2022-36136 (2022-11-28) +### CVE-2022-36349 (2022-11-11) -ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. +Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. -- [Live-Hack-CVE/CVE-2022-36136](https://github.com/Live-Hack-CVE/CVE-2022-36136) +- [Live-Hack-CVE/CVE-2022-36349](https://github.com/Live-Hack-CVE/CVE-2022-36349) -### CVE-2022-36137 (2022-11-28) +### CVE-2022-36367 (2022-11-11) -ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. +Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. -- [Live-Hack-CVE/CVE-2022-36137](https://github.com/Live-Hack-CVE/CVE-2022-36137) +- [Live-Hack-CVE/CVE-2022-36367](https://github.com/Live-Hack-CVE/CVE-2022-36367) -### CVE-2022-36179 (2022-11-21) +### CVE-2022-36370 (2022-11-11) -Fusiondirectory 1.3 suffers from Improper Session Handling. +Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36179](https://github.com/Live-Hack-CVE/CVE-2022-36179) +- [Live-Hack-CVE/CVE-2022-36370](https://github.com/Live-Hack-CVE/CVE-2022-36370) -### CVE-2022-36180 (2022-11-21) +### CVE-2022-36377 (2022-11-11) -Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. +Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36180](https://github.com/Live-Hack-CVE/CVE-2022-36180) +- [Live-Hack-CVE/CVE-2022-36377](https://github.com/Live-Hack-CVE/CVE-2022-36377) -### CVE-2022-36193 (2022-11-28) +### CVE-2022-36380 (2022-11-11) -SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. +Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36193](https://github.com/Live-Hack-CVE/CVE-2022-36193) +- [Live-Hack-CVE/CVE-2022-36380](https://github.com/Live-Hack-CVE/CVE-2022-36380) -### CVE-2022-36337 (2022-11-22) +### CVE-2022-36384 (2022-11-11) -An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. +Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36337](https://github.com/Live-Hack-CVE/CVE-2022-36337) +- [Live-Hack-CVE/CVE-2022-36384](https://github.com/Live-Hack-CVE/CVE-2022-36384) -### CVE-2022-36357 (2022-11-17) +### CVE-2022-36400 (2022-11-11) -Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. +Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36357](https://github.com/Live-Hack-CVE/CVE-2022-36357) - -### CVE-2022-36431 (2022-12-01) - - -An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. - - -- [Live-Hack-CVE/CVE-2022-36431](https://github.com/Live-Hack-CVE/CVE-2022-36431) +- [Live-Hack-CVE/CVE-2022-36400](https://github.com/Live-Hack-CVE/CVE-2022-36400) ### CVE-2022-36432 (2022-11-16) @@ -5895,109 +6512,53 @@ The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 use - [Live-Hack-CVE/CVE-2022-36432](https://github.com/Live-Hack-CVE/CVE-2022-36432) -### CVE-2022-36433 (2022-11-29) +### CVE-2022-36776 (2022-11-11) -The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. +IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. -- [Live-Hack-CVE/CVE-2022-36433](https://github.com/Live-Hack-CVE/CVE-2022-36433) +- [Live-Hack-CVE/CVE-2022-36776](https://github.com/Live-Hack-CVE/CVE-2022-36776) -### CVE-2022-36784 (2022-11-17) +### CVE-2022-36781 (2022-09-28) -Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. +WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session. -- [Live-Hack-CVE/CVE-2022-36784](https://github.com/Live-Hack-CVE/CVE-2022-36784) +- [Live-Hack-CVE/CVE-2022-36781](https://github.com/Live-Hack-CVE/CVE-2022-36781) -### CVE-2022-36785 (2022-11-17) +### CVE-2022-36789 (2022-11-11) -D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface. +Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-36785](https://github.com/Live-Hack-CVE/CVE-2022-36785) +- [Live-Hack-CVE/CVE-2022-36789](https://github.com/Live-Hack-CVE/CVE-2022-36789) -### CVE-2022-36786 (2022-11-17) +### CVE-2022-36938 (2022-11-10) -DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. +DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. -- [Live-Hack-CVE/CVE-2022-36786](https://github.com/Live-Hack-CVE/CVE-2022-36786) +- [Live-Hack-CVE/CVE-2022-36938](https://github.com/Live-Hack-CVE/CVE-2022-36938) -### CVE-2022-36787 (2022-11-17) +### CVE-2022-37015 (2022-11-08) -Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. +Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. -- [Live-Hack-CVE/CVE-2022-36787](https://github.com/Live-Hack-CVE/CVE-2022-36787) +- [Live-Hack-CVE/CVE-2022-37015](https://github.com/Live-Hack-CVE/CVE-2022-37015) -### CVE-2022-36924 (2022-11-17) +### CVE-2022-37109 (2022-11-14) -The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. +patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. -- [Live-Hack-CVE/CVE-2022-36924](https://github.com/Live-Hack-CVE/CVE-2022-36924) - -### CVE-2022-36960 (2022-11-29) - - -SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. - - -- [Live-Hack-CVE/CVE-2022-36960](https://github.com/Live-Hack-CVE/CVE-2022-36960) - -### CVE-2022-36962 (2022-11-29) - - -SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. - - -- [Live-Hack-CVE/CVE-2022-36962](https://github.com/Live-Hack-CVE/CVE-2022-36962) - -### CVE-2022-36964 (2022-11-29) - - -SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. - - -- [Live-Hack-CVE/CVE-2022-36964](https://github.com/Live-Hack-CVE/CVE-2022-36964) - -### CVE-2022-37016 (2022-12-01) - - -Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. - - -- [Live-Hack-CVE/CVE-2022-37016](https://github.com/Live-Hack-CVE/CVE-2022-37016) - -### CVE-2022-37017 (2022-12-01) - - -Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. - - -- [Live-Hack-CVE/CVE-2022-37017](https://github.com/Live-Hack-CVE/CVE-2022-37017) - -### CVE-2022-37032 (2022-09-19) - - -An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. - - -- [Live-Hack-CVE/CVE-2022-37032](https://github.com/Live-Hack-CVE/CVE-2022-37032) - -### CVE-2022-37197 (2022-11-18) - - -IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. - - -- [Live-Hack-CVE/CVE-2022-37197](https://github.com/Live-Hack-CVE/CVE-2022-37197) +- [Live-Hack-CVE/CVE-2022-37109](https://github.com/Live-Hack-CVE/CVE-2022-37109) ### CVE-2022-37290 (2022-11-14) @@ -6007,125 +6568,285 @@ GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename applicati - [Live-Hack-CVE/CVE-2022-37290](https://github.com/Live-Hack-CVE/CVE-2022-37290) -### CVE-2022-37301 (2022-11-22) +### CVE-2022-37334 (2022-11-11) -A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) +Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-37301](https://github.com/Live-Hack-CVE/CVE-2022-37301) +- [Live-Hack-CVE/CVE-2022-37334](https://github.com/Live-Hack-CVE/CVE-2022-37334) -### CVE-2022-37332 (2022-11-21) +### CVE-2022-37345 (2022-11-11) -A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. +Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-37332](https://github.com/Live-Hack-CVE/CVE-2022-37332) +- [Live-Hack-CVE/CVE-2022-37345](https://github.com/Live-Hack-CVE/CVE-2022-37345) -### CVE-2022-37421 (2022-11-22) +### CVE-2022-37434 (2022-08-05) -Silverstripe silverstripe/cms through 4.11.0 allows XSS. +zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). -- [Live-Hack-CVE/CVE-2022-37421](https://github.com/Live-Hack-CVE/CVE-2022-37421) +- [Live-Hack-CVE/CVE-2022-37434](https://github.com/Live-Hack-CVE/CVE-2022-37434) -### CVE-2022-37429 (2022-11-22) +### CVE-2022-37601 (2022-10-12) -Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. +Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. -- [Live-Hack-CVE/CVE-2022-37429](https://github.com/Live-Hack-CVE/CVE-2022-37429) +- [Live-Hack-CVE/CVE-2022-37601](https://github.com/Live-Hack-CVE/CVE-2022-37601) -### CVE-2022-37430 (2022-11-22) +### CVE-2022-37603 (2022-10-14) -Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). +A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. -- [Live-Hack-CVE/CVE-2022-37430](https://github.com/Live-Hack-CVE/CVE-2022-37430) +- [Live-Hack-CVE/CVE-2022-37603](https://github.com/Live-Hack-CVE/CVE-2022-37603) -### CVE-2022-37598 (2022-10-20) +### CVE-2022-37616 (2022-10-11) -** DISPUTED ** Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. +** DISPUTED ** A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid." -- [Live-Hack-CVE/CVE-2022-37598](https://github.com/Live-Hack-CVE/CVE-2022-37598) +- [Live-Hack-CVE/CVE-2022-37616](https://github.com/Live-Hack-CVE/CVE-2022-37616) -### CVE-2022-37599 (2022-10-11) +### CVE-2022-37623 (2022-10-31) -A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. +Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. -- [Live-Hack-CVE/CVE-2022-37599](https://github.com/Live-Hack-CVE/CVE-2022-37599) +- [Live-Hack-CVE/CVE-2022-37623](https://github.com/Live-Hack-CVE/CVE-2022-37623) -### CVE-2022-37720 (2022-11-25) +### CVE-2022-37661 (2022-09-14) -Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. +SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. -- [Live-Hack-CVE/CVE-2022-37720](https://github.com/Live-Hack-CVE/CVE-2022-37720) +- [Live-Hack-CVE/CVE-2022-37661](https://github.com/Live-Hack-CVE/CVE-2022-37661) -### CVE-2022-37721 (2022-11-25) +### CVE-2022-37680 (2022-08-29) -PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. +An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. -- [Live-Hack-CVE/CVE-2022-37721](https://github.com/Live-Hack-CVE/CVE-2022-37721) +- [Live-Hack-CVE/CVE-2022-37680](https://github.com/Live-Hack-CVE/CVE-2022-37680) -### CVE-2022-37772 (2022-11-22) +### CVE-2022-37681 (2022-08-29) -Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. +Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. -- [Live-Hack-CVE/CVE-2022-37772](https://github.com/Live-Hack-CVE/CVE-2022-37772) +- [Live-Hack-CVE/CVE-2022-37681](https://github.com/Live-Hack-CVE/CVE-2022-37681) -### CVE-2022-37773 (2022-11-22) +### CVE-2022-37710 (2022-11-06) -An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. +Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. -- [Live-Hack-CVE/CVE-2022-37773](https://github.com/Live-Hack-CVE/CVE-2022-37773) +- [Live-Hack-CVE/CVE-2022-37710](https://github.com/Live-Hack-CVE/CVE-2022-37710) -### CVE-2022-37774 (2022-11-22) +### CVE-2022-37860 (2022-09-12) -There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. +The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. -- [Live-Hack-CVE/CVE-2022-37774](https://github.com/Live-Hack-CVE/CVE-2022-37774) +- [Live-Hack-CVE/CVE-2022-37860](https://github.com/Live-Hack-CVE/CVE-2022-37860) -### CVE-2022-37797 (2022-09-12) +### CVE-2022-37865 (2022-11-07) -In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. +With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. -- [Live-Hack-CVE/CVE-2022-37797](https://github.com/Live-Hack-CVE/CVE-2022-37797) +- [Live-Hack-CVE/CVE-2022-37865](https://github.com/Live-Hack-CVE/CVE-2022-37865) -### CVE-2022-37931 (2022-11-21) +### CVE-2022-37866 (2022-11-07) -A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. +When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. -- [Live-Hack-CVE/CVE-2022-37931](https://github.com/Live-Hack-CVE/CVE-2022-37931) +- [Live-Hack-CVE/CVE-2022-37866](https://github.com/Live-Hack-CVE/CVE-2022-37866) -### CVE-2022-38045 (2022-10-11) +### CVE-2022-37887 (2022-10-07) -Server Service Remote Protocol Elevation of Privilege Vulnerability. +There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. -- [Live-Hack-CVE/CVE-2022-38045](https://github.com/Live-Hack-CVE/CVE-2022-38045) +- [Live-Hack-CVE/CVE-2022-37887](https://github.com/Live-Hack-CVE/CVE-2022-37887) + +### CVE-2022-37889 (2022-10-07) + + +There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. + + +- [Live-Hack-CVE/CVE-2022-37889](https://github.com/Live-Hack-CVE/CVE-2022-37889) + +### CVE-2022-37890 (2022-10-07) + + +Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. + + +- [Live-Hack-CVE/CVE-2022-37890](https://github.com/Live-Hack-CVE/CVE-2022-37890) + +### CVE-2022-37891 (2022-10-07) + + +Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. + + +- [Live-Hack-CVE/CVE-2022-37891](https://github.com/Live-Hack-CVE/CVE-2022-37891) + +### CVE-2022-37892 (2022-10-07) + + +A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37892](https://github.com/Live-Hack-CVE/CVE-2022-37892) + +### CVE-2022-37893 (2022-10-07) + + +An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37893](https://github.com/Live-Hack-CVE/CVE-2022-37893) + +### CVE-2022-37894 (2022-10-07) + + +An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37894](https://github.com/Live-Hack-CVE/CVE-2022-37894) + +### CVE-2022-37895 (2022-10-07) + + +An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37895](https://github.com/Live-Hack-CVE/CVE-2022-37895) + +### CVE-2022-37896 (2022-10-07) + + +A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37896](https://github.com/Live-Hack-CVE/CVE-2022-37896) + +### CVE-2022-37973 (2022-10-11) + + +Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. + + +- [Live-Hack-CVE/CVE-2022-37973](https://github.com/Live-Hack-CVE/CVE-2022-37973) + +### CVE-2022-37975 (2022-10-11) + + +Windows Group Policy Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-37975](https://github.com/Live-Hack-CVE/CVE-2022-37975) + +### CVE-2022-37991 (2022-10-11) + + +Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. + + +- [Live-Hack-CVE/CVE-2022-37991](https://github.com/Live-Hack-CVE/CVE-2022-37991) + +### CVE-2022-37992 (2022-11-09) + + +Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086. + + +- [Live-Hack-CVE/CVE-2022-37992](https://github.com/Live-Hack-CVE/CVE-2022-37992) + +### CVE-2022-38014 (2022-11-09) + + +Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-38014](https://github.com/Live-Hack-CVE/CVE-2022-38014) + +### CVE-2022-38015 (2022-11-09) + + +Windows Hyper-V Denial of Service Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-38015](https://github.com/Live-Hack-CVE/CVE-2022-38015) + +### CVE-2022-38022 (2022-10-11) + + +Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. + + +- [Live-Hack-CVE/CVE-2022-38022](https://github.com/Live-Hack-CVE/CVE-2022-38022) + +### CVE-2022-38034 (2022-10-11) + + +Windows Workstation Service Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-38034](https://github.com/Live-Hack-CVE/CVE-2022-38034) + +### CVE-2022-38037 (2022-10-11) + + +Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. + + +- [Live-Hack-CVE/CVE-2022-38037](https://github.com/Live-Hack-CVE/CVE-2022-38037) + +### CVE-2022-38038 (2022-10-11) + + +Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039. + + +- [Live-Hack-CVE/CVE-2022-38038](https://github.com/Live-Hack-CVE/CVE-2022-38038) + +### CVE-2022-38043 (2022-10-11) + + +Windows Security Support Provider Interface Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-38043](https://github.com/Live-Hack-CVE/CVE-2022-38043) + +### CVE-2022-38046 (2022-10-11) + + +Web Account Manager Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-38046](https://github.com/Live-Hack-CVE/CVE-2022-38046) ### CVE-2022-38075 (2022-11-18) @@ -6135,125 +6856,85 @@ Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scr - [Live-Hack-CVE/CVE-2022-38075](https://github.com/Live-Hack-CVE/CVE-2022-38075) -### CVE-2022-38097 (2022-11-21) +### CVE-2022-38099 (2022-11-11) -A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. +Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. -- [Live-Hack-CVE/CVE-2022-38097](https://github.com/Live-Hack-CVE/CVE-2022-38097) +- [Live-Hack-CVE/CVE-2022-38099](https://github.com/Live-Hack-CVE/CVE-2022-38099) -### CVE-2022-38113 (2022-11-23) +### CVE-2022-38119 (2022-11-09) -This vulnerability discloses build and services versions in the server response header. +UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. -- [Live-Hack-CVE/CVE-2022-38113](https://github.com/Live-Hack-CVE/CVE-2022-38113) +- [Live-Hack-CVE/CVE-2022-38119](https://github.com/Live-Hack-CVE/CVE-2022-38119) -### CVE-2022-38114 (2022-11-23) +### CVE-2022-38120 (2022-11-09) -This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. +UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. -- [Live-Hack-CVE/CVE-2022-38114](https://github.com/Live-Hack-CVE/CVE-2022-38114) +- [Live-Hack-CVE/CVE-2022-38120](https://github.com/Live-Hack-CVE/CVE-2022-38120) -### CVE-2022-38115 (2022-11-23) +### CVE-2022-38121 (2022-11-09) -Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT +UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file. -- [Live-Hack-CVE/CVE-2022-38115](https://github.com/Live-Hack-CVE/CVE-2022-38115) +- [Live-Hack-CVE/CVE-2022-38121](https://github.com/Live-Hack-CVE/CVE-2022-38121) -### CVE-2022-38139 (2022-09-13) +### CVE-2022-38122 (2022-11-09) -Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. +UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data. -- [Live-Hack-CVE/CVE-2022-38139](https://github.com/Live-Hack-CVE/CVE-2022-38139) +- [Live-Hack-CVE/CVE-2022-38122](https://github.com/Live-Hack-CVE/CVE-2022-38122) -### CVE-2022-38140 (2022-11-28) +### CVE-2022-38137 (2022-11-08) -Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. +Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. -- [Live-Hack-CVE/CVE-2022-38140](https://github.com/Live-Hack-CVE/CVE-2022-38140) +- [Live-Hack-CVE/CVE-2022-38137](https://github.com/Live-Hack-CVE/CVE-2022-38137) -### CVE-2022-38145 (2022-11-22) +### CVE-2022-38164 (2022-11-07) -Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. +WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). -- [Live-Hack-CVE/CVE-2022-38145](https://github.com/Live-Hack-CVE/CVE-2022-38145) +- [Live-Hack-CVE/CVE-2022-38164](https://github.com/Live-Hack-CVE/CVE-2022-38164) -### CVE-2022-38146 (2022-11-21) +### CVE-2022-38167 (2022-11-14) -Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). +The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. -- [Live-Hack-CVE/CVE-2022-38146](https://github.com/Live-Hack-CVE/CVE-2022-38146) +- [Live-Hack-CVE/CVE-2022-38167](https://github.com/Live-Hack-CVE/CVE-2022-38167) -### CVE-2022-38147 (2022-11-22) +### CVE-2022-38168 (2022-11-03) -Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). +** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. -- [Live-Hack-CVE/CVE-2022-38147](https://github.com/Live-Hack-CVE/CVE-2022-38147) +- [Live-Hack-CVE/CVE-2022-38168](https://github.com/Live-Hack-CVE/CVE-2022-38168) -### CVE-2022-38148 (2022-11-21) +### CVE-2022-38183 (2022-08-12) -Silverstripe silverstripe/framework through 4.11 allows SQL Injection. +In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. -- [Live-Hack-CVE/CVE-2022-38148](https://github.com/Live-Hack-CVE/CVE-2022-38148) - -### CVE-2022-38150 (2022-08-10) - - -In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. - - -- [Live-Hack-CVE/CVE-2022-38150](https://github.com/Live-Hack-CVE/CVE-2022-38150) - -### CVE-2022-38163 (2022-11-07) - - -A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. - - -- [Live-Hack-CVE/CVE-2022-38163](https://github.com/Live-Hack-CVE/CVE-2022-38163) - -### CVE-2022-38165 (2022-11-17) - - -Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. - - -- [Live-Hack-CVE/CVE-2022-38165](https://github.com/Live-Hack-CVE/CVE-2022-38165) - -### CVE-2022-38166 (2022-11-25) - - -In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. - - -- [Live-Hack-CVE/CVE-2022-38166](https://github.com/Live-Hack-CVE/CVE-2022-38166) - -### CVE-2022-38178 (2022-09-21) - - -By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. - - -- [Live-Hack-CVE/CVE-2022-38178](https://github.com/Live-Hack-CVE/CVE-2022-38178) +- [Live-Hack-CVE/CVE-2022-38183](https://github.com/Live-Hack-CVE/CVE-2022-38183) ### CVE-2022-38201 (2022-11-15) @@ -6271,13 +6952,29 @@ XPDF v4.04 and earlier was discovered to contain a stack overflow via the functi - [Live-Hack-CVE/CVE-2022-38334](https://github.com/Live-Hack-CVE/CVE-2022-38334) -### CVE-2022-38377 (2022-11-25) +### CVE-2022-38385 (2022-11-15) -An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. +IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. -- [Live-Hack-CVE/CVE-2022-38377](https://github.com/Live-Hack-CVE/CVE-2022-38377) +- [Live-Hack-CVE/CVE-2022-38385](https://github.com/Live-Hack-CVE/CVE-2022-38385) + +### CVE-2022-38387 (2022-11-11) + + +IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. + + +- [Live-Hack-CVE/CVE-2022-38387](https://github.com/Live-Hack-CVE/CVE-2022-38387) + +### CVE-2022-38390 (2022-11-17) + + +Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. + + +- [Live-Hack-CVE/CVE-2022-38390](https://github.com/Live-Hack-CVE/CVE-2022-38390) ### CVE-2022-38461 (2022-11-17) @@ -6287,13 +6984,21 @@ Broken Access Control vulnerability in WPML Multilingual CMS premium plugin < - [Live-Hack-CVE/CVE-2022-38461](https://github.com/Live-Hack-CVE/CVE-2022-38461) -### CVE-2022-38462 (2022-11-22) +### CVE-2022-38465 (2022-10-11) -Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. +A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. -- [Live-Hack-CVE/CVE-2022-38462](https://github.com/Live-Hack-CVE/CVE-2022-38462) +- [Live-Hack-CVE/CVE-2022-38465](https://github.com/Live-Hack-CVE/CVE-2022-38465) + +### CVE-2022-38537 (2022-09-13) + + +Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. + + +- [Live-Hack-CVE/CVE-2022-38537](https://github.com/Live-Hack-CVE/CVE-2022-38537) ### CVE-2022-38538 (2022-09-13) @@ -6303,13 +7008,45 @@ Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability - [Live-Hack-CVE/CVE-2022-38538](https://github.com/Live-Hack-CVE/CVE-2022-38538) -### CVE-2022-38649 (2022-11-22) +### CVE-2022-38577 (2022-09-19) -Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. +ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. -- [Live-Hack-CVE/CVE-2022-38649](https://github.com/Live-Hack-CVE/CVE-2022-38649) +- [Live-Hack-CVE/CVE-2022-38577](https://github.com/Live-Hack-CVE/CVE-2022-38577) + +### CVE-2022-38582 (2022-11-04) + + +Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. + + +- [Live-Hack-CVE/CVE-2022-38582](https://github.com/Live-Hack-CVE/CVE-2022-38582) + +### CVE-2022-38650 (2022-11-11) + + +** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + + +- [Live-Hack-CVE/CVE-2022-38650](https://github.com/Live-Hack-CVE/CVE-2022-38650) + +### CVE-2022-38651 (2022-11-11) + + +** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + + +- [Live-Hack-CVE/CVE-2022-38651](https://github.com/Live-Hack-CVE/CVE-2022-38651) + +### CVE-2022-38652 (2022-11-11) + + +** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + + +- [Live-Hack-CVE/CVE-2022-38652](https://github.com/Live-Hack-CVE/CVE-2022-38652) ### CVE-2022-38666 (2022-11-15) @@ -6319,77 +7056,13 @@ Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unc - [Live-Hack-CVE/CVE-2022-38666](https://github.com/Live-Hack-CVE/CVE-2022-38666) -### CVE-2022-38724 (2022-11-22) +### CVE-2022-38705 (2022-11-14) -Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. +IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. -- [Live-Hack-CVE/CVE-2022-38724](https://github.com/Live-Hack-CVE/CVE-2022-38724) - -### CVE-2022-38753 (2022-11-28) - - -This update resolves a multi-factor authentication bypass attack - - -- [Live-Hack-CVE/CVE-2022-38753](https://github.com/Live-Hack-CVE/CVE-2022-38753) - -### CVE-2022-38755 (2022-11-21) - - -A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. - - -- [Live-Hack-CVE/CVE-2022-38755](https://github.com/Live-Hack-CVE/CVE-2022-38755) - -### CVE-2022-38767 (2022-11-25) - - -An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. - - -- [Live-Hack-CVE/CVE-2022-38767](https://github.com/Live-Hack-CVE/CVE-2022-38767) - -### CVE-2022-38801 (2022-11-30) - - -In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. - - -- [Live-Hack-CVE/CVE-2022-38801](https://github.com/Live-Hack-CVE/CVE-2022-38801) - -### CVE-2022-38802 (2022-11-30) - - -Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF - - -- [Live-Hack-CVE/CVE-2022-38802](https://github.com/Live-Hack-CVE/CVE-2022-38802) - -### CVE-2022-38803 (2022-11-30) - - -Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF - - -- [Live-Hack-CVE/CVE-2022-38803](https://github.com/Live-Hack-CVE/CVE-2022-38803) - -### CVE-2022-38813 (2022-11-25) - - -PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. - - -- [Live-Hack-CVE/CVE-2022-38813](https://github.com/Live-Hack-CVE/CVE-2022-38813) - -### CVE-2022-38871 (2022-11-18) - - -In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. - - -- [Live-Hack-CVE/CVE-2022-38871](https://github.com/Live-Hack-CVE/CVE-2022-38871) +- [Live-Hack-CVE/CVE-2022-38705](https://github.com/Live-Hack-CVE/CVE-2022-38705) ### CVE-2022-38890 (2022-09-15) @@ -6399,14 +7072,6 @@ Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8 - [Live-Hack-CVE/CVE-2022-38890](https://github.com/Live-Hack-CVE/CVE-2022-38890) -### CVE-2022-38900 (2022-11-28) - - -decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. - - -- [Live-Hack-CVE/CVE-2022-38900](https://github.com/Live-Hack-CVE/CVE-2022-38900) - ### CVE-2022-38974 (2022-11-18) @@ -6415,69 +7080,69 @@ Broken Access Control vulnerability in WPML Multilingual CMS premium plugin < - [Live-Hack-CVE/CVE-2022-38974](https://github.com/Live-Hack-CVE/CVE-2022-38974) -### CVE-2022-39028 (2022-08-30) +### CVE-2022-39036 (2022-11-09) -telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. +The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. -- [Live-Hack-CVE/CVE-2022-39028](https://github.com/Live-Hack-CVE/CVE-2022-39028) +- [Live-Hack-CVE/CVE-2022-39036](https://github.com/Live-Hack-CVE/CVE-2022-39036) -### CVE-2022-39066 (2022-11-22) +### CVE-2022-39037 (2022-11-09) -There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. +Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. -- [Live-Hack-CVE/CVE-2022-39066](https://github.com/Live-Hack-CVE/CVE-2022-39066) +- [Live-Hack-CVE/CVE-2022-39037](https://github.com/Live-Hack-CVE/CVE-2022-39037) -### CVE-2022-39067 (2022-11-22) +### CVE-2022-39038 (2022-11-09) -There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. +Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. -- [Live-Hack-CVE/CVE-2022-39067](https://github.com/Live-Hack-CVE/CVE-2022-39067) +- [Live-Hack-CVE/CVE-2022-39038](https://github.com/Live-Hack-CVE/CVE-2022-39038) -### CVE-2022-39070 (2022-11-22) +### CVE-2022-39069 (2022-11-08) -There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. +There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. -- [Live-Hack-CVE/CVE-2022-39070](https://github.com/Live-Hack-CVE/CVE-2022-39070) +- [Live-Hack-CVE/CVE-2022-39069](https://github.com/Live-Hack-CVE/CVE-2022-39069) -### CVE-2022-39135 (2022-09-11) +### CVE-2022-39157 (2022-11-08) -In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. +A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745) -- [Live-Hack-CVE/CVE-2022-39135](https://github.com/Live-Hack-CVE/CVE-2022-39135) +- [Live-Hack-CVE/CVE-2022-39157](https://github.com/Live-Hack-CVE/CVE-2022-39157) -### CVE-2022-39173 (2022-09-28) +### CVE-2022-39158 (2022-09-13) -In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. +A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All versions), RUGGEDCOM ROS RMC8388 V4.X (All versions), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RP110 V4.X (All versions), RUGGEDCOM ROS RS1600 V4.X (All versions), RUGGEDCOM ROS RS1600F V4.X (All versions), RUGGEDCOM ROS RS1600T V4.X (All versions), RUGGEDCOM ROS RS400 V4.X (All versions), RUGGEDCOM ROS RS401 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 V4.X (All versions), RUGGEDCOM ROS RS416v2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS8000 V4.X (All versions), RUGGEDCOM ROS RS8000A V4.X (All versions), RUGGEDCOM ROS RS8000H V4.X (All versions), RUGGEDCOM ROS RS8000T V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900 V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900G V4.X (All versions), RUGGEDCOM ROS RS900GP V4.X (All versions), RUGGEDCOM ROS RS900L V4.X (All versions), RUGGEDCOM ROS RS900M V4.X (All versions), RUGGEDCOM ROS RS900W V4.X (All versions), RUGGEDCOM ROS RS910 V4.X (All versions), RUGGEDCOM ROS RS910L V4.X (All versions), RUGGEDCOM ROS RS910W V4.X (All versions), RUGGEDCOM ROS RS920L V4.X (All versions), RUGGEDCOM ROS RS920W V4.X (All versions), RUGGEDCOM ROS RS930L V4.X (All versions), RUGGEDCOM ROS RS930W V4.X (All versions), RUGGEDCOM ROS RS940G V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 V4.X (All versions), RUGGEDCOM ROS RSG2100P V4.X (All versions), RUGGEDCOM ROS RSG2200 V4.X (All versions), RUGGEDCOM ROS RSG2288 V4.X (All versions), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V4.X (All versions), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V4.X (All versions), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V4.X (All versions), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG907R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG908C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG909R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG910C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V4.X (All versions), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916P V5.X (All versions < V5.6.0), RUGGEDCOM ROS i800 V4.X (All versions), RUGGEDCOM ROS i801 V4.X (All versions), RUGGEDCOM ROS i802 V4.X (All versions), RUGGEDCOM ROS i803 V4.X (All versions). Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends. -- [Live-Hack-CVE/CVE-2022-39173](https://github.com/Live-Hack-CVE/CVE-2022-39173) +- [Live-Hack-CVE/CVE-2022-39158](https://github.com/Live-Hack-CVE/CVE-2022-39158) -### CVE-2022-39178 (2022-11-17) +### CVE-2022-39179 (2022-11-17) -Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. +College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. -- [Live-Hack-CVE/CVE-2022-39178](https://github.com/Live-Hack-CVE/CVE-2022-39178) +- [Live-Hack-CVE/CVE-2022-39179](https://github.com/Live-Hack-CVE/CVE-2022-39179) -### CVE-2022-39181 (2022-11-17) +### CVE-2022-39180 (2022-11-17) -GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser. +College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. -- [Live-Hack-CVE/CVE-2022-39181](https://github.com/Live-Hack-CVE/CVE-2022-39181) +- [Live-Hack-CVE/CVE-2022-39180](https://github.com/Live-Hack-CVE/CVE-2022-39180) ### CVE-2022-39188 (2022-09-02) @@ -6495,37 +7160,29 @@ An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel bef - [Live-Hack-CVE/CVE-2022-39190](https://github.com/Live-Hack-CVE/CVE-2022-39190) -### CVE-2022-39199 (2022-11-22) +### CVE-2022-39209 (2022-09-15) -immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server. +cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. -- [Live-Hack-CVE/CVE-2022-39199](https://github.com/Live-Hack-CVE/CVE-2022-39199) +- [Live-Hack-CVE/CVE-2022-39209](https://github.com/Live-Hack-CVE/CVE-2022-39209) -### CVE-2022-39222 (2022-10-06) +### CVE-2022-39237 (2022-10-06) -Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. +syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. -- [Live-Hack-CVE/CVE-2022-39222](https://github.com/Live-Hack-CVE/CVE-2022-39222) +- [Live-Hack-CVE/CVE-2022-39237](https://github.com/Live-Hack-CVE/CVE-2022-39237) -### CVE-2022-39250 (2022-09-29) +### CVE-2022-39244 (2022-10-06) -Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround. +PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. -- [Live-Hack-CVE/CVE-2022-39250](https://github.com/Live-Hack-CVE/CVE-2022-39250) - -### CVE-2022-39251 (2022-09-28) - - -Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. - - -- [Live-Hack-CVE/CVE-2022-39251](https://github.com/Live-Hack-CVE/CVE-2022-39251) +- [Live-Hack-CVE/CVE-2022-39244](https://github.com/Live-Hack-CVE/CVE-2022-39244) ### CVE-2022-39261 (2022-09-28) @@ -6535,93 +7192,85 @@ Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to - [Live-Hack-CVE/CVE-2022-39261](https://github.com/Live-Hack-CVE/CVE-2022-39261) -### CVE-2022-39264 (2022-09-28) +### CVE-2022-39269 (2022-10-06) -nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. +PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. -- [Live-Hack-CVE/CVE-2022-39264](https://github.com/Live-Hack-CVE/CVE-2022-39264) +- [Live-Hack-CVE/CVE-2022-39269](https://github.com/Live-Hack-CVE/CVE-2022-39269) -### CVE-2022-39265 (2022-10-06) +### CVE-2022-39270 (2022-10-06) -MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. +DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component. -- [Live-Hack-CVE/CVE-2022-39265](https://github.com/Live-Hack-CVE/CVE-2022-39265) +- [Live-Hack-CVE/CVE-2022-39270](https://github.com/Live-Hack-CVE/CVE-2022-39270) -### CVE-2022-39325 (2022-11-25) +### CVE-2022-39275 (2022-10-06) -BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. +Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue. -- [Live-Hack-CVE/CVE-2022-39325](https://github.com/Live-Hack-CVE/CVE-2022-39325) +- [Live-Hack-CVE/CVE-2022-39275](https://github.com/Live-Hack-CVE/CVE-2022-39275) -### CVE-2022-39331 (2022-11-25) +### CVE-2022-39280 (2022-10-06) -Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. +dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. -- [Live-Hack-CVE/CVE-2022-39331](https://github.com/Live-Hack-CVE/CVE-2022-39331) +- [Live-Hack-CVE/CVE-2022-39280](https://github.com/Live-Hack-CVE/CVE-2022-39280) -### CVE-2022-39332 (2022-11-25) +### CVE-2022-39286 (2022-10-26) -Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. +Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-39332](https://github.com/Live-Hack-CVE/CVE-2022-39332) +- [Live-Hack-CVE/CVE-2022-39286](https://github.com/Live-Hack-CVE/CVE-2022-39286) -### CVE-2022-39333 (2022-11-25) +### CVE-2022-39299 (2022-10-12) -Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. +Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround. -- [Live-Hack-CVE/CVE-2022-39333](https://github.com/Live-Hack-CVE/CVE-2022-39333) +- [Live-Hack-CVE/CVE-2022-39299](https://github.com/Live-Hack-CVE/CVE-2022-39299) -### CVE-2022-39334 (2022-11-25) +### CVE-2022-39343 (2022-11-08) -Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability. +Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. -- [Live-Hack-CVE/CVE-2022-39334](https://github.com/Live-Hack-CVE/CVE-2022-39334) +- [Live-Hack-CVE/CVE-2022-39343](https://github.com/Live-Hack-CVE/CVE-2022-39343) -### CVE-2022-39338 (2022-11-25) +### CVE-2022-39352 (2022-11-08) -user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. +OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation. -- [Live-Hack-CVE/CVE-2022-39338](https://github.com/Live-Hack-CVE/CVE-2022-39338) +- [Live-Hack-CVE/CVE-2022-39352](https://github.com/Live-Hack-CVE/CVE-2022-39352) -### CVE-2022-39339 (2022-11-25) +### CVE-2022-39368 (2022-11-09) -user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). +Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f -- [Live-Hack-CVE/CVE-2022-39339](https://github.com/Live-Hack-CVE/CVE-2022-39339) +- [Live-Hack-CVE/CVE-2022-39368](https://github.com/Live-Hack-CVE/CVE-2022-39368) -### CVE-2022-39348 (2022-10-26) +### CVE-2022-39369 (2022-11-01) -Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. +phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to "^(https)://.*") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. -- [Live-Hack-CVE/CVE-2022-39348](https://github.com/Live-Hack-CVE/CVE-2022-39348) - -### CVE-2022-39377 (2022-11-08) - - -sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. - - -- [Live-Hack-CVE/CVE-2022-39377](https://github.com/Live-Hack-CVE/CVE-2022-39377) +- [Live-Hack-CVE/CVE-2022-39369](https://github.com/Live-Hack-CVE/CVE-2022-39369) ### CVE-2022-39383 (2022-11-16) @@ -6631,37 +7280,253 @@ KubeVela is an open source application delivery platform. Users using the VelaUX - [Live-Hack-CVE/CVE-2022-39383](https://github.com/Live-Hack-CVE/CVE-2022-39383) -### CVE-2022-39389 (2022-11-17) +### CVE-2022-39385 (2022-11-14) -Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present. +Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed. -- [Live-Hack-CVE/CVE-2022-39389](https://github.com/Live-Hack-CVE/CVE-2022-39389) +- [Live-Hack-CVE/CVE-2022-39385](https://github.com/Live-Hack-CVE/CVE-2022-39385) -### CVE-2022-39397 (2022-11-22) +### CVE-2022-39386 (2022-11-08) -aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. +@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions. -- [Live-Hack-CVE/CVE-2022-39397](https://github.com/Live-Hack-CVE/CVE-2022-39397) +- [Live-Hack-CVE/CVE-2022-39386](https://github.com/Live-Hack-CVE/CVE-2022-39386) -### CVE-2022-39833 (2022-11-23) +### CVE-2022-39388 (2022-11-10) -FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. +Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-39833](https://github.com/Live-Hack-CVE/CVE-2022-39833) +- [Live-Hack-CVE/CVE-2022-39388](https://github.com/Live-Hack-CVE/CVE-2022-39388) -### CVE-2022-40129 (2022-11-21) +### CVE-2022-39392 (2022-11-10) -A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. +Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator's configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it's expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero. -- [Live-Hack-CVE/CVE-2022-40129](https://github.com/Live-Hack-CVE/CVE-2022-40129) +- [Live-Hack-CVE/CVE-2022-39392](https://github.com/Live-Hack-CVE/CVE-2022-39392) + +### CVE-2022-39393 (2022-11-10) + + +Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. + + +- [Live-Hack-CVE/CVE-2022-39393](https://github.com/Live-Hack-CVE/CVE-2022-39393) + +### CVE-2022-39394 (2022-11-10) + + +Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected. + + +- [Live-Hack-CVE/CVE-2022-39394](https://github.com/Live-Hack-CVE/CVE-2022-39394) + +### CVE-2022-39395 (2022-11-10) + + +Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker's `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. + + +- [Live-Hack-CVE/CVE-2022-39395](https://github.com/Live-Hack-CVE/CVE-2022-39395) + +### CVE-2022-39396 (2022-11-09) + + +Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-39396](https://github.com/Live-Hack-CVE/CVE-2022-39396) + +### CVE-2022-39398 (2022-11-09) + + +tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2022-39398](https://github.com/Live-Hack-CVE/CVE-2022-39398) + +### CVE-2022-39800 (2022-10-11) + + +SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. + + +- [Live-Hack-CVE/CVE-2022-39800](https://github.com/Live-Hack-CVE/CVE-2022-39800) + +### CVE-2022-39834 (2022-11-16) + + +A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. + + +- [Live-Hack-CVE/CVE-2022-39834](https://github.com/Live-Hack-CVE/CVE-2022-39834) + +### CVE-2022-39879 (2022-11-09) + + +Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. + + +- [Live-Hack-CVE/CVE-2022-39879](https://github.com/Live-Hack-CVE/CVE-2022-39879) + +### CVE-2022-39880 (2022-11-09) + + +Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2022-39880](https://github.com/Live-Hack-CVE/CVE-2022-39880) + +### CVE-2022-39881 (2022-11-09) + + +Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. + + +- [Live-Hack-CVE/CVE-2022-39881](https://github.com/Live-Hack-CVE/CVE-2022-39881) + +### CVE-2022-39882 (2022-11-09) + + +Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2022-39882](https://github.com/Live-Hack-CVE/CVE-2022-39882) + +### CVE-2022-39883 (2022-11-09) + + +Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. + + +- [Live-Hack-CVE/CVE-2022-39883](https://github.com/Live-Hack-CVE/CVE-2022-39883) + +### CVE-2022-39884 (2022-11-09) + + +Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. + + +- [Live-Hack-CVE/CVE-2022-39884](https://github.com/Live-Hack-CVE/CVE-2022-39884) + +### CVE-2022-39885 (2022-11-09) + + +Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. + + +- [Live-Hack-CVE/CVE-2022-39885](https://github.com/Live-Hack-CVE/CVE-2022-39885) + +### CVE-2022-39886 (2022-11-09) + + +Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. + + +- [Live-Hack-CVE/CVE-2022-39886](https://github.com/Live-Hack-CVE/CVE-2022-39886) + +### CVE-2022-39887 (2022-11-09) + + +Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. + + +- [Live-Hack-CVE/CVE-2022-39887](https://github.com/Live-Hack-CVE/CVE-2022-39887) + +### CVE-2022-39889 (2022-11-09) + + +Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. + + +- [Live-Hack-CVE/CVE-2022-39889](https://github.com/Live-Hack-CVE/CVE-2022-39889) + +### CVE-2022-39890 (2022-11-09) + + +Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. + + +- [Live-Hack-CVE/CVE-2022-39890](https://github.com/Live-Hack-CVE/CVE-2022-39890) + +### CVE-2022-39891 (2022-11-09) + + +Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. + + +- [Live-Hack-CVE/CVE-2022-39891](https://github.com/Live-Hack-CVE/CVE-2022-39891) + +### CVE-2022-39892 (2022-11-09) + + +Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. + + +- [Live-Hack-CVE/CVE-2022-39892](https://github.com/Live-Hack-CVE/CVE-2022-39892) + +### CVE-2022-39893 (2022-11-09) + + +Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. + + +- [Live-Hack-CVE/CVE-2022-39893](https://github.com/Live-Hack-CVE/CVE-2022-39893) + +### CVE-2022-39955 (2022-09-20) + + +The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. + + +- [Live-Hack-CVE/CVE-2022-39955](https://github.com/Live-Hack-CVE/CVE-2022-39955) + +### CVE-2022-39956 (2022-09-20) + + +The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8). + + +- [Live-Hack-CVE/CVE-2022-39956](https://github.com/Live-Hack-CVE/CVE-2022-39956) + +### CVE-2022-39957 (2022-09-20) + + +The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. + + +- [Live-Hack-CVE/CVE-2022-39957](https://github.com/Live-Hack-CVE/CVE-2022-39957) + +### CVE-2022-39958 (2022-09-20) + + +The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher. + + +- [Live-Hack-CVE/CVE-2022-39958](https://github.com/Live-Hack-CVE/CVE-2022-39958) + +### CVE-2022-40127 (2022-11-14) + + +A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. + + +- [Live-Hack-CVE/CVE-2022-40127](https://github.com/Live-Hack-CVE/CVE-2022-40127) + +### CVE-2022-40128 (2022-11-08) + + +Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. + + +- [Live-Hack-CVE/CVE-2022-40128](https://github.com/Live-Hack-CVE/CVE-2022-40128) ### CVE-2022-40130 (2022-11-18) @@ -6671,69 +7536,53 @@ Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 - [Live-Hack-CVE/CVE-2022-40130](https://github.com/Live-Hack-CVE/CVE-2022-40130) -### CVE-2022-40152 (2022-09-16) +### CVE-2022-40159 (2022-10-06) -Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. +** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. -- [Live-Hack-CVE/CVE-2022-40152](https://github.com/Live-Hack-CVE/CVE-2022-40152) +- [Live-Hack-CVE/CVE-2022-40159](https://github.com/Live-Hack-CVE/CVE-2022-40159) -### CVE-2022-40189 (2022-11-22) +### CVE-2022-40160 (2022-10-06) -Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. +** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. -- [Live-Hack-CVE/CVE-2022-40189](https://github.com/Live-Hack-CVE/CVE-2022-40189) +- [Live-Hack-CVE/CVE-2022-40160](https://github.com/Live-Hack-CVE/CVE-2022-40160) -### CVE-2022-40192 (2022-11-17) +### CVE-2022-40186 (2022-09-21) -Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. +An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault. -- [Live-Hack-CVE/CVE-2022-40192](https://github.com/Live-Hack-CVE/CVE-2022-40192) +- [Live-Hack-CVE/CVE-2022-40186](https://github.com/Live-Hack-CVE/CVE-2022-40186) -### CVE-2022-40200 (2022-11-17) +### CVE-2022-40205 (2022-11-08) -Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. +Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. -- [Live-Hack-CVE/CVE-2022-40200](https://github.com/Live-Hack-CVE/CVE-2022-40200) +- [Live-Hack-CVE/CVE-2022-40205](https://github.com/Live-Hack-CVE/CVE-2022-40205) -### CVE-2022-40216 (2022-11-18) +### CVE-2022-40206 (2022-11-08) -Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. +Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. -- [Live-Hack-CVE/CVE-2022-40216](https://github.com/Live-Hack-CVE/CVE-2022-40216) +- [Live-Hack-CVE/CVE-2022-40206](https://github.com/Live-Hack-CVE/CVE-2022-40206) -### CVE-2022-40228 (2022-11-22) +### CVE-2022-40223 (2022-11-08) -IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. +Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. -- [Live-Hack-CVE/CVE-2022-40228](https://github.com/Live-Hack-CVE/CVE-2022-40228) - -### CVE-2022-40266 (2022-11-24) - - -Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command. - - -- [Live-Hack-CVE/CVE-2022-40266](https://github.com/Live-Hack-CVE/CVE-2022-40266) - -### CVE-2022-40282 (2022-11-24) - - -The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. - - -- [Live-Hack-CVE/CVE-2022-40282](https://github.com/Live-Hack-CVE/CVE-2022-40282) +- [Live-Hack-CVE/CVE-2022-40223](https://github.com/Live-Hack-CVE/CVE-2022-40223) ### CVE-2022-40307 (2022-09-09) @@ -6743,37 +7592,53 @@ An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi - [Live-Hack-CVE/CVE-2022-40307](https://github.com/Live-Hack-CVE/CVE-2022-40307) -### CVE-2022-40470 (2022-11-21) +### CVE-2022-40308 (2022-11-15) -Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. +If anonymous read enabled, it's possible to read the database file directly without logging in. -- [Live-Hack-CVE/CVE-2022-40470](https://github.com/Live-Hack-CVE/CVE-2022-40470) +- [Live-Hack-CVE/CVE-2022-40308](https://github.com/Live-Hack-CVE/CVE-2022-40308) -### CVE-2022-40489 (2022-11-30) +### CVE-2022-40309 (2022-11-15) -ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. +Users with write permissions to a repository can delete arbitrary directories. -- [Live-Hack-CVE/CVE-2022-40489](https://github.com/Live-Hack-CVE/CVE-2022-40489) +- [Live-Hack-CVE/CVE-2022-40309](https://github.com/Live-Hack-CVE/CVE-2022-40309) -### CVE-2022-40602 (2022-11-21) +### CVE-2022-40405 (2022-11-14) -A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. +WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. -- [Live-Hack-CVE/CVE-2022-40602](https://github.com/Live-Hack-CVE/CVE-2022-40602) +- [Live-Hack-CVE/CVE-2022-40405](https://github.com/Live-Hack-CVE/CVE-2022-40405) -### CVE-2022-40674 (2022-09-14) +### CVE-2022-40617 (2022-10-31) -libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. +strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. -- [Live-Hack-CVE/CVE-2022-40674](https://github.com/Live-Hack-CVE/CVE-2022-40674) +- [Live-Hack-CVE/CVE-2022-40617](https://github.com/Live-Hack-CVE/CVE-2022-40617) + +### CVE-2022-40632 (2022-11-08) + + +Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. + + +- [Live-Hack-CVE/CVE-2022-40632](https://github.com/Live-Hack-CVE/CVE-2022-40632) + +### CVE-2022-40664 (2022-10-12) + + +Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. + + +- [Live-Hack-CVE/CVE-2022-40664](https://github.com/Live-Hack-CVE/CVE-2022-40664) ### CVE-2022-40686 (2022-11-18) @@ -6791,14 +7656,6 @@ Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1. - [Live-Hack-CVE/CVE-2022-40687](https://github.com/Live-Hack-CVE/CVE-2022-40687) -### CVE-2022-40694 (2022-11-17) - - -Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-40694](https://github.com/Live-Hack-CVE/CVE-2022-40694) - ### CVE-2022-40695 (2022-11-18) @@ -6815,21 +7672,21 @@ Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey - [Live-Hack-CVE/CVE-2022-40698](https://github.com/Live-Hack-CVE/CVE-2022-40698) -### CVE-2022-40735 (2022-11-14) +### CVE-2022-40750 (2022-11-11) -The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together. +IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. -- [Live-Hack-CVE/CVE-2022-40735](https://github.com/Live-Hack-CVE/CVE-2022-40735) +- [Live-Hack-CVE/CVE-2022-40750](https://github.com/Live-Hack-CVE/CVE-2022-40750) -### CVE-2022-40746 (2022-11-21) +### CVE-2022-40751 (2022-11-17) -IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. +IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. -- [Live-Hack-CVE/CVE-2022-40746](https://github.com/Live-Hack-CVE/CVE-2022-40746) +- [Live-Hack-CVE/CVE-2022-40751](https://github.com/Live-Hack-CVE/CVE-2022-40751) ### CVE-2022-40752 (2022-11-16) @@ -6839,37 +7696,21 @@ IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability - [Live-Hack-CVE/CVE-2022-40752](https://github.com/Live-Hack-CVE/CVE-2022-40752) -### CVE-2022-40765 (2022-11-21) +### CVE-2022-40753 (2022-11-15) -A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. +IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. -- [Live-Hack-CVE/CVE-2022-40765](https://github.com/Live-Hack-CVE/CVE-2022-40765) +- [Live-Hack-CVE/CVE-2022-40753](https://github.com/Live-Hack-CVE/CVE-2022-40753) -### CVE-2022-40770 (2022-11-22) +### CVE-2022-40773 (2022-11-11) -Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. +Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. -- [Live-Hack-CVE/CVE-2022-40770](https://github.com/Live-Hack-CVE/CVE-2022-40770) - -### CVE-2022-40771 (2022-11-23) - - -Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. - - -- [Live-Hack-CVE/CVE-2022-40771](https://github.com/Live-Hack-CVE/CVE-2022-40771) - -### CVE-2022-40772 (2022-11-23) - - -Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. - - -- [Live-Hack-CVE/CVE-2022-40772](https://github.com/Live-Hack-CVE/CVE-2022-40772) +- [Live-Hack-CVE/CVE-2022-40773](https://github.com/Live-Hack-CVE/CVE-2022-40773) ### CVE-2022-40797 (2022-11-09) @@ -6879,21 +7720,13 @@ Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the - [Live-Hack-CVE/CVE-2022-40797](https://github.com/Live-Hack-CVE/CVE-2022-40797) -### CVE-2022-40799 (2022-11-28) +### CVE-2022-40843 (2022-11-14) -Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. +The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account. -- [Live-Hack-CVE/CVE-2022-40799](https://github.com/Live-Hack-CVE/CVE-2022-40799) - -### CVE-2022-40842 (2022-11-21) - - -ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. - - -- [Live-Hack-CVE/CVE-2022-40842](https://github.com/Live-Hack-CVE/CVE-2022-40842) +- [Live-Hack-CVE/CVE-2022-40843](https://github.com/Live-Hack-CVE/CVE-2022-40843) ### CVE-2022-40844 (2022-11-14) @@ -6927,165 +7760,493 @@ In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command in - [Live-Hack-CVE/CVE-2022-40847](https://github.com/Live-Hack-CVE/CVE-2022-40847) -### CVE-2022-40849 (2022-11-30) +### CVE-2022-40881 (2022-11-16) -ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID). +SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php -- [Live-Hack-CVE/CVE-2022-40849](https://github.com/Live-Hack-CVE/CVE-2022-40849) +- [Live-Hack-CVE/CVE-2022-40881](https://github.com/Live-Hack-CVE/CVE-2022-40881) -### CVE-2022-40870 (2022-11-22) +### CVE-2022-40981 (2022-11-10) -The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. +All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. -- [Live-Hack-CVE/CVE-2022-40870](https://github.com/Live-Hack-CVE/CVE-2022-40870) +- [Live-Hack-CVE/CVE-2022-40981](https://github.com/Live-Hack-CVE/CVE-2022-40981) -### CVE-2022-40903 (2022-11-14) +### CVE-2022-41035 (2022-10-11) -Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. +Microsoft Edge (Chromium-based) Spoofing Vulnerability. -- [Live-Hack-CVE/CVE-2022-40903](https://github.com/Live-Hack-CVE/CVE-2022-40903) +- [Live-Hack-CVE/CVE-2022-41035](https://github.com/Live-Hack-CVE/CVE-2022-41035) -### CVE-2022-40954 (2022-11-22) +### CVE-2022-41039 (2022-11-09) -Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). +Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. -- [Live-Hack-CVE/CVE-2022-40954](https://github.com/Live-Hack-CVE/CVE-2022-40954) +- [Live-Hack-CVE/CVE-2022-41039](https://github.com/Live-Hack-CVE/CVE-2022-41039) -### CVE-2022-40963 (2022-11-18) +### CVE-2022-41044 (2022-11-09) -Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. +Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. -- [Live-Hack-CVE/CVE-2022-40963](https://github.com/Live-Hack-CVE/CVE-2022-40963) +- [Live-Hack-CVE/CVE-2022-41044](https://github.com/Live-Hack-CVE/CVE-2022-41044) -### CVE-2022-40976 (2022-11-24) +### CVE-2022-41045 (2022-11-09) -A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. +Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. -- [Live-Hack-CVE/CVE-2022-40976](https://github.com/Live-Hack-CVE/CVE-2022-40976) +- [Live-Hack-CVE/CVE-2022-41045](https://github.com/Live-Hack-CVE/CVE-2022-41045) -### CVE-2022-40977 (2022-11-24) +### CVE-2022-41047 (2022-11-09) -A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. +Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048. -- [Live-Hack-CVE/CVE-2022-40977](https://github.com/Live-Hack-CVE/CVE-2022-40977) +- [Live-Hack-CVE/CVE-2022-41047](https://github.com/Live-Hack-CVE/CVE-2022-41047) -### CVE-2022-41032 (2022-10-11) +### CVE-2022-41048 (2022-11-09) -NuGet Client Elevation of Privilege Vulnerability. +Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. -- [Live-Hack-CVE/CVE-2022-41032](https://github.com/Live-Hack-CVE/CVE-2022-41032) +- [Live-Hack-CVE/CVE-2022-41048](https://github.com/Live-Hack-CVE/CVE-2022-41048) -### CVE-2022-41043 (2022-10-11) +### CVE-2022-41049 (2022-11-09) -Microsoft Office Information Disclosure Vulnerability. +Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091. -- [Live-Hack-CVE/CVE-2022-41043](https://github.com/Live-Hack-CVE/CVE-2022-41043) +- [Live-Hack-CVE/CVE-2022-41049](https://github.com/Live-Hack-CVE/CVE-2022-41049) -### CVE-2022-41064 (2022-11-09) +### CVE-2022-41050 (2022-11-09) -.NET Framework Information Disclosure Vulnerability. +Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. -- [Live-Hack-CVE/CVE-2022-41064](https://github.com/Live-Hack-CVE/CVE-2022-41064) +- [Live-Hack-CVE/CVE-2022-41050](https://github.com/Live-Hack-CVE/CVE-2022-41050) -### CVE-2022-41131 (2022-11-22) +### CVE-2022-41051 (2022-11-09) -Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). +Azure RTOS GUIX Studio Remote Code Execution Vulnerability. -- [Live-Hack-CVE/CVE-2022-41131](https://github.com/Live-Hack-CVE/CVE-2022-41131) +- [Live-Hack-CVE/CVE-2022-41051](https://github.com/Live-Hack-CVE/CVE-2022-41051) -### CVE-2022-41132 (2022-11-17) +### CVE-2022-41052 (2022-11-09) -Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. +Windows Graphics Component Remote Code Execution Vulnerability. -- [Live-Hack-CVE/CVE-2022-41132](https://github.com/Live-Hack-CVE/CVE-2022-41132) +- [Live-Hack-CVE/CVE-2022-41052](https://github.com/Live-Hack-CVE/CVE-2022-41052) -### CVE-2022-41135 (2022-11-18) +### CVE-2022-41053 (2022-11-09) -Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. +Windows Kerberos Denial of Service Vulnerability. -- [Live-Hack-CVE/CVE-2022-41135](https://github.com/Live-Hack-CVE/CVE-2022-41135) +- [Live-Hack-CVE/CVE-2022-41053](https://github.com/Live-Hack-CVE/CVE-2022-41053) -### CVE-2022-41155 (2022-11-18) +### CVE-2022-41054 (2022-11-09) -Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. +Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. -- [Live-Hack-CVE/CVE-2022-41155](https://github.com/Live-Hack-CVE/CVE-2022-41155) +- [Live-Hack-CVE/CVE-2022-41054](https://github.com/Live-Hack-CVE/CVE-2022-41054) -### CVE-2022-41156 (2022-11-25) +### CVE-2022-41055 (2022-11-09) -Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. +Windows Human Interface Device Information Disclosure Vulnerability. -- [Live-Hack-CVE/CVE-2022-41156](https://github.com/Live-Hack-CVE/CVE-2022-41156) +- [Live-Hack-CVE/CVE-2022-41055](https://github.com/Live-Hack-CVE/CVE-2022-41055) -### CVE-2022-41158 (2022-11-25) +### CVE-2022-41056 (2022-11-09) -Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. +Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. -- [Live-Hack-CVE/CVE-2022-41158](https://github.com/Live-Hack-CVE/CVE-2022-41158) +- [Live-Hack-CVE/CVE-2022-41056](https://github.com/Live-Hack-CVE/CVE-2022-41056) -### CVE-2022-41223 (2022-11-21) +### CVE-2022-41058 (2022-11-09) -The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. +Windows Network Address Translation (NAT) Denial of Service Vulnerability. -- [Live-Hack-CVE/CVE-2022-41223](https://github.com/Live-Hack-CVE/CVE-2022-41223) +- [Live-Hack-CVE/CVE-2022-41058](https://github.com/Live-Hack-CVE/CVE-2022-41058) -### CVE-2022-41235 (2022-09-21) +### CVE-2022-41060 (2022-11-09) -Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. +Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. -- [Live-Hack-CVE/CVE-2022-41235](https://github.com/Live-Hack-CVE/CVE-2022-41235) +- [Live-Hack-CVE/CVE-2022-41060](https://github.com/Live-Hack-CVE/CVE-2022-41060) -### CVE-2022-41315 (2022-11-17) +### CVE-2022-41061 (2022-11-09) -Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. +Microsoft Word Remote Code Execution Vulnerability. -- [Live-Hack-CVE/CVE-2022-41315](https://github.com/Live-Hack-CVE/CVE-2022-41315) +- [Live-Hack-CVE/CVE-2022-41061](https://github.com/Live-Hack-CVE/CVE-2022-41061) -### CVE-2022-41316 (2022-10-12) +### CVE-2022-41062 (2022-11-09) -HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. +Microsoft SharePoint Server Remote Code Execution Vulnerability. -- [Live-Hack-CVE/CVE-2022-41316](https://github.com/Live-Hack-CVE/CVE-2022-41316) +- [Live-Hack-CVE/CVE-2022-41062](https://github.com/Live-Hack-CVE/CVE-2022-41062) + +### CVE-2022-41063 (2022-11-09) + + +Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106. + + +- [Live-Hack-CVE/CVE-2022-41063](https://github.com/Live-Hack-CVE/CVE-2022-41063) + +### CVE-2022-41066 (2022-11-09) + + +Microsoft Business Central Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41066](https://github.com/Live-Hack-CVE/CVE-2022-41066) + +### CVE-2022-41073 (2022-11-09) + + +Windows Print Spooler Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41073](https://github.com/Live-Hack-CVE/CVE-2022-41073) + +### CVE-2022-41080 (2022-11-09) + + +Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. + + +- [Live-Hack-CVE/CVE-2022-41080](https://github.com/Live-Hack-CVE/CVE-2022-41080) + +### CVE-2022-41082 (2022-10-02) + + +Microsoft Exchange Server Remote Code Execution Vulnerability. + + +- [balki97/OWASSRF-CVE-2022-41082-POC](https://github.com/balki97/OWASSRF-CVE-2022-41082-POC) + +### CVE-2022-41085 (2022-11-09) + + +Azure CycleCloud Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41085](https://github.com/Live-Hack-CVE/CVE-2022-41085) + +### CVE-2022-41086 (2022-11-09) + + +Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. + + +- [Live-Hack-CVE/CVE-2022-41086](https://github.com/Live-Hack-CVE/CVE-2022-41086) + +### CVE-2022-41088 (2022-11-09) + + +Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. + + +- [Live-Hack-CVE/CVE-2022-41088](https://github.com/Live-Hack-CVE/CVE-2022-41088) + +### CVE-2022-41090 (2022-11-09) + + +Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. + + +- [Live-Hack-CVE/CVE-2022-41090](https://github.com/Live-Hack-CVE/CVE-2022-41090) + +### CVE-2022-41091 (2022-11-09) + + +Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. + + +- [Live-Hack-CVE/CVE-2022-41091](https://github.com/Live-Hack-CVE/CVE-2022-41091) + +### CVE-2022-41092 (2022-11-09) + + +Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109. + + +- [Live-Hack-CVE/CVE-2022-41092](https://github.com/Live-Hack-CVE/CVE-2022-41092) + +### CVE-2022-41093 (2022-11-09) + + +Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. + + +- [Live-Hack-CVE/CVE-2022-41093](https://github.com/Live-Hack-CVE/CVE-2022-41093) + +### CVE-2022-41095 (2022-11-09) + + +Windows Digital Media Receiver Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41095](https://github.com/Live-Hack-CVE/CVE-2022-41095) + +### CVE-2022-41096 (2022-11-09) + + +Microsoft DWM Core Library Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41096](https://github.com/Live-Hack-CVE/CVE-2022-41096) + +### CVE-2022-41097 (2022-11-09) + + +Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41097](https://github.com/Live-Hack-CVE/CVE-2022-41097) + +### CVE-2022-41098 (2022-11-09) + + +Windows GDI+ Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41098](https://github.com/Live-Hack-CVE/CVE-2022-41098) + +### CVE-2022-41099 (2022-11-09) + + +BitLocker Security Feature Bypass Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41099](https://github.com/Live-Hack-CVE/CVE-2022-41099) + +### CVE-2022-41100 (2022-11-09) + + +Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. + + +- [Live-Hack-CVE/CVE-2022-41100](https://github.com/Live-Hack-CVE/CVE-2022-41100) + +### CVE-2022-41101 (2022-11-09) + + +Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102. + + +- [Live-Hack-CVE/CVE-2022-41101](https://github.com/Live-Hack-CVE/CVE-2022-41101) + +### CVE-2022-41102 (2022-11-09) + + +Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101. + + +- [Live-Hack-CVE/CVE-2022-41102](https://github.com/Live-Hack-CVE/CVE-2022-41102) + +### CVE-2022-41103 (2022-11-09) + + +Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060. + + +- [Live-Hack-CVE/CVE-2022-41103](https://github.com/Live-Hack-CVE/CVE-2022-41103) + +### CVE-2022-41104 (2022-11-09) + + +Microsoft Excel Security Feature Bypass Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41104](https://github.com/Live-Hack-CVE/CVE-2022-41104) + +### CVE-2022-41105 (2022-11-09) + + +Microsoft Excel Information Disclosure Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41105](https://github.com/Live-Hack-CVE/CVE-2022-41105) + +### CVE-2022-41106 (2022-11-09) + + +Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063. + + +- [Live-Hack-CVE/CVE-2022-41106](https://github.com/Live-Hack-CVE/CVE-2022-41106) + +### CVE-2022-41107 (2022-11-09) + + +Microsoft Office Graphics Remote Code Execution Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41107](https://github.com/Live-Hack-CVE/CVE-2022-41107) + +### CVE-2022-41109 (2022-11-09) + + +Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092. + + +- [Live-Hack-CVE/CVE-2022-41109](https://github.com/Live-Hack-CVE/CVE-2022-41109) + +### CVE-2022-41113 (2022-11-09) + + +Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41113](https://github.com/Live-Hack-CVE/CVE-2022-41113) + +### CVE-2022-41114 (2022-11-09) + + +Windows Bind Filter Driver Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41114](https://github.com/Live-Hack-CVE/CVE-2022-41114) + +### CVE-2022-41116 (2022-11-09) + + +Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. + + +- [Live-Hack-CVE/CVE-2022-41116](https://github.com/Live-Hack-CVE/CVE-2022-41116) + +### CVE-2022-41118 (2022-11-09) + + +Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. + + +- [Live-Hack-CVE/CVE-2022-41118](https://github.com/Live-Hack-CVE/CVE-2022-41118) + +### CVE-2022-41119 (2022-11-09) + + +Visual Studio Remote Code Execution Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41119](https://github.com/Live-Hack-CVE/CVE-2022-41119) + +### CVE-2022-41120 (2022-11-09) + + +Microsoft Windows Sysmon Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41120](https://github.com/Live-Hack-CVE/CVE-2022-41120) + +### CVE-2022-41122 (2022-11-09) + + +Microsoft SharePoint Server Spoofing Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41122](https://github.com/Live-Hack-CVE/CVE-2022-41122) + +### CVE-2022-41123 (2022-11-09) + + +Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. + + +- [Live-Hack-CVE/CVE-2022-41123](https://github.com/Live-Hack-CVE/CVE-2022-41123) + +### CVE-2022-41125 (2022-11-09) + + +Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. + + +- [Live-Hack-CVE/CVE-2022-41125](https://github.com/Live-Hack-CVE/CVE-2022-41125) + +### CVE-2022-41128 (2022-11-09) + + +Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. + + +- [Live-Hack-CVE/CVE-2022-41128](https://github.com/Live-Hack-CVE/CVE-2022-41128) + +### CVE-2022-41136 (2022-11-08) + + +Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. + + +- [Live-Hack-CVE/CVE-2022-41136](https://github.com/Live-Hack-CVE/CVE-2022-41136) + +### CVE-2022-41203 (2022-11-08) + + +In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. + + +- [Live-Hack-CVE/CVE-2022-41203](https://github.com/Live-Hack-CVE/CVE-2022-41203) + +### CVE-2022-41207 (2022-11-08) + + +SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. + + +- [Live-Hack-CVE/CVE-2022-41207](https://github.com/Live-Hack-CVE/CVE-2022-41207) + +### CVE-2022-41212 (2022-11-08) + + +Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. + + +- [Live-Hack-CVE/CVE-2022-41212](https://github.com/Live-Hack-CVE/CVE-2022-41212) + +### CVE-2022-41259 (2022-11-08) + + +SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. + + +- [Live-Hack-CVE/CVE-2022-41259](https://github.com/Live-Hack-CVE/CVE-2022-41259) ### CVE-2022-41319 (2022-09-23) @@ -7095,21 +8256,13 @@ A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop - [Live-Hack-CVE/CVE-2022-41319](https://github.com/Live-Hack-CVE/CVE-2022-41319) -### CVE-2022-41323 (2022-10-16) +### CVE-2022-41339 (2022-11-11) -In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. +In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. -- [Live-Hack-CVE/CVE-2022-41323](https://github.com/Live-Hack-CVE/CVE-2022-41323) - -### CVE-2022-41326 (2022-11-21) - - -The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. - - -- [Live-Hack-CVE/CVE-2022-41326](https://github.com/Live-Hack-CVE/CVE-2022-41326) +- [Live-Hack-CVE/CVE-2022-41339](https://github.com/Live-Hack-CVE/CVE-2022-41339) ### CVE-2022-41343 (2022-09-25) @@ -7119,61 +8272,37 @@ registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclus - [Live-Hack-CVE/CVE-2022-41343](https://github.com/Live-Hack-CVE/CVE-2022-41343) -### CVE-2022-41395 (2022-11-14) +### CVE-2022-41352 (2022-09-25) -Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. +An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. -- [Live-Hack-CVE/CVE-2022-41395](https://github.com/Live-Hack-CVE/CVE-2022-41395) +- [Live-Hack-CVE/CVE-2022-41352](https://github.com/Live-Hack-CVE/CVE-2022-41352) -### CVE-2022-41396 (2022-11-14) +### CVE-2022-41432 (2022-11-07) -Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. +EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. -- [Live-Hack-CVE/CVE-2022-41396](https://github.com/Live-Hack-CVE/CVE-2022-41396) +- [Live-Hack-CVE/CVE-2022-41432](https://github.com/Live-Hack-CVE/CVE-2022-41432) -### CVE-2022-41404 (2022-10-11) +### CVE-2022-41433 (2022-11-07) -An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. +EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. -- [Live-Hack-CVE/CVE-2022-41404](https://github.com/Live-Hack-CVE/CVE-2022-41404) +- [Live-Hack-CVE/CVE-2022-41433](https://github.com/Live-Hack-CVE/CVE-2022-41433) -### CVE-2022-41412 (2022-11-29) +### CVE-2022-41434 (2022-11-07) -An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. +EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. -- [Live-Hack-CVE/CVE-2022-41412](https://github.com/Live-Hack-CVE/CVE-2022-41412) - -### CVE-2022-41413 (2022-11-29) - - -perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. - - -- [Live-Hack-CVE/CVE-2022-41413](https://github.com/Live-Hack-CVE/CVE-2022-41413) - -### CVE-2022-41445 (2022-11-22) - - -A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. - - -- [Live-Hack-CVE/CVE-2022-41445](https://github.com/Live-Hack-CVE/CVE-2022-41445) - -### CVE-2022-41446 (2022-11-22) - - -An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. - - -- [Live-Hack-CVE/CVE-2022-41446](https://github.com/Live-Hack-CVE/CVE-2022-41446) +- [Live-Hack-CVE/CVE-2022-41434](https://github.com/Live-Hack-CVE/CVE-2022-41434) ### CVE-2022-41540 (2022-10-18) @@ -7183,14 +8312,6 @@ The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic key - [efchatz/easy-exploits](https://github.com/efchatz/easy-exploits) -### CVE-2022-41556 (2022-10-06) - - -A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. - - -- [Live-Hack-CVE/CVE-2022-41556](https://github.com/Live-Hack-CVE/CVE-2022-41556) - ### CVE-2022-41558 (2022-11-15) @@ -7199,13 +8320,13 @@ The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TI - [Live-Hack-CVE/CVE-2022-41558](https://github.com/Live-Hack-CVE/CVE-2022-41558) -### CVE-2022-41568 (2022-11-28) +### CVE-2022-41607 (2022-11-10) -LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. +All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. -- [Live-Hack-CVE/CVE-2022-41568](https://github.com/Live-Hack-CVE/CVE-2022-41568) +- [Live-Hack-CVE/CVE-2022-41607](https://github.com/Live-Hack-CVE/CVE-2022-41607) ### CVE-2022-41609 (2022-11-18) @@ -7215,37 +8336,13 @@ Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better M - [Live-Hack-CVE/CVE-2022-41609](https://github.com/Live-Hack-CVE/CVE-2022-41609) -### CVE-2022-41615 (2022-11-18) +### CVE-2022-41611 (2022-11-15) -Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. +Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. -- [Live-Hack-CVE/CVE-2022-41615](https://github.com/Live-Hack-CVE/CVE-2022-41615) - -### CVE-2022-41618 (2022-11-18) - - -Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-41618](https://github.com/Live-Hack-CVE/CVE-2022-41618) - -### CVE-2022-41634 (2022-11-18) - - -Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-41634](https://github.com/Live-Hack-CVE/CVE-2022-41634) - -### CVE-2022-41643 (2022-11-18) - - -Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-41643](https://github.com/Live-Hack-CVE/CVE-2022-41643) +- [Live-Hack-CVE/CVE-2022-41611](https://github.com/Live-Hack-CVE/CVE-2022-41611) ### CVE-2022-41652 (2022-11-18) @@ -7255,13 +8352,29 @@ Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. - [Live-Hack-CVE/CVE-2022-41652](https://github.com/Live-Hack-CVE/CVE-2022-41652) -### CVE-2022-41655 (2022-11-18) +### CVE-2022-41669 (2022-11-04) -Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. +A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). -- [Live-Hack-CVE/CVE-2022-41655](https://github.com/Live-Hack-CVE/CVE-2022-41655) +- [Live-Hack-CVE/CVE-2022-41669](https://github.com/Live-Hack-CVE/CVE-2022-41669) + +### CVE-2022-41670 (2022-11-04) + + +A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). + + +- [Live-Hack-CVE/CVE-2022-41670](https://github.com/Live-Hack-CVE/CVE-2022-41670) + +### CVE-2022-41671 (2022-11-04) + + +A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). + + +- [Live-Hack-CVE/CVE-2022-41671](https://github.com/Live-Hack-CVE/CVE-2022-41671) ### CVE-2022-41674 (2022-10-13) @@ -7271,30 +8384,6 @@ An issue was discovered in the Linux kernel before 5.19.16. Attackers able to in - [Live-Hack-CVE/CVE-2022-41674](https://github.com/Live-Hack-CVE/CVE-2022-41674) -### CVE-2022-41675 (2022-11-28) - - -A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. - - -- [Live-Hack-CVE/CVE-2022-41675](https://github.com/Live-Hack-CVE/CVE-2022-41675) - -### CVE-2022-41676 (2022-11-28) - - -Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient. - - -- [Live-Hack-CVE/CVE-2022-41676](https://github.com/Live-Hack-CVE/CVE-2022-41676) - -### CVE-2022-41685 (2022-11-18) - - -Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-41685](https://github.com/Live-Hack-CVE/CVE-2022-41685) - ### CVE-2022-41692 (2022-11-18) @@ -7303,61 +8392,29 @@ Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3 - [Live-Hack-CVE/CVE-2022-41692](https://github.com/Live-Hack-CVE/CVE-2022-41692) -### CVE-2022-41705 (2022-11-25) +### CVE-2022-41719 (2022-11-10) -Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. +Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. -- [Live-Hack-CVE/CVE-2022-41705](https://github.com/Live-Hack-CVE/CVE-2022-41705) +- [Live-Hack-CVE/CVE-2022-41719](https://github.com/Live-Hack-CVE/CVE-2022-41719) -### CVE-2022-41706 (2022-11-25) +### CVE-2022-41757 (2022-11-08) -Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. +An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. -- [Live-Hack-CVE/CVE-2022-41706](https://github.com/Live-Hack-CVE/CVE-2022-41706) +- [Live-Hack-CVE/CVE-2022-41757](https://github.com/Live-Hack-CVE/CVE-2022-41757) -### CVE-2022-41712 (2022-11-25) +### CVE-2022-41775 (2022-11-17) -Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. +SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network -- [Live-Hack-CVE/CVE-2022-41712](https://github.com/Live-Hack-CVE/CVE-2022-41712) - -### CVE-2022-41732 (2022-11-28) - - -IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. - - -- [Live-Hack-CVE/CVE-2022-41732](https://github.com/Live-Hack-CVE/CVE-2022-41732) - -### CVE-2022-41741 (2022-10-19) - - -NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. - - -- [Live-Hack-CVE/CVE-2022-41741](https://github.com/Live-Hack-CVE/CVE-2022-41741) - -### CVE-2022-41742 (2022-10-19) - - -NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. - - -- [Live-Hack-CVE/CVE-2022-41742](https://github.com/Live-Hack-CVE/CVE-2022-41742) - -### CVE-2022-41751 (2022-10-17) - - -Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. - - -- [Live-Hack-CVE/CVE-2022-41751](https://github.com/Live-Hack-CVE/CVE-2022-41751) +- [Live-Hack-CVE/CVE-2022-41775](https://github.com/Live-Hack-CVE/CVE-2022-41775) ### CVE-2022-41781 (2022-11-18) @@ -7367,21 +8424,13 @@ Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.2 - [Live-Hack-CVE/CVE-2022-41781](https://github.com/Live-Hack-CVE/CVE-2022-41781) -### CVE-2022-41788 (2022-11-18) +### CVE-2022-41789 (2022-11-15) -Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. +Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. -- [Live-Hack-CVE/CVE-2022-41788](https://github.com/Live-Hack-CVE/CVE-2022-41788) - -### CVE-2022-41791 (2022-11-17) - - -Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-41791](https://github.com/Live-Hack-CVE/CVE-2022-41791) +- [Live-Hack-CVE/CVE-2022-41789](https://github.com/Live-Hack-CVE/CVE-2022-41789) ### CVE-2022-41805 (2022-11-18) @@ -7391,13 +8440,13 @@ Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugi - [Live-Hack-CVE/CVE-2022-41805](https://github.com/Live-Hack-CVE/CVE-2022-41805) -### CVE-2022-41839 (2022-11-18) +### CVE-2022-41814 (2022-11-15) -Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. +Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. -- [Live-Hack-CVE/CVE-2022-41839](https://github.com/Live-Hack-CVE/CVE-2022-41839) +- [Live-Hack-CVE/CVE-2022-41814](https://github.com/Live-Hack-CVE/CVE-2022-41814) ### CVE-2022-41840 (2022-11-18) @@ -7407,517 +8456,133 @@ Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7. - [Live-Hack-CVE/CVE-2022-41840](https://github.com/Live-Hack-CVE/CVE-2022-41840) -### CVE-2022-41875 (2022-11-23) +### CVE-2022-41873 (2022-11-10) -A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`. +Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. -- [Live-Hack-CVE/CVE-2022-41875](https://github.com/Live-Hack-CVE/CVE-2022-41875) +- [Live-Hack-CVE/CVE-2022-41873](https://github.com/Live-Hack-CVE/CVE-2022-41873) -### CVE-2022-41880 (2022-11-18) +### CVE-2022-41874 (2022-11-09) -TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json. -- [Live-Hack-CVE/CVE-2022-41880](https://github.com/Live-Hack-CVE/CVE-2022-41880) +- [Live-Hack-CVE/CVE-2022-41874](https://github.com/Live-Hack-CVE/CVE-2022-41874) -### CVE-2022-41883 (2022-11-18) +### CVE-2022-41876 (2022-11-10) -TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. -- [Live-Hack-CVE/CVE-2022-41883](https://github.com/Live-Hack-CVE/CVE-2022-41883) +- [Live-Hack-CVE/CVE-2022-41876](https://github.com/Live-Hack-CVE/CVE-2022-41876) -### CVE-2022-41884 (2022-11-18) +### CVE-2022-41878 (2022-11-10) -TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. -- [Live-Hack-CVE/CVE-2022-41884](https://github.com/Live-Hack-CVE/CVE-2022-41884) +- [Live-Hack-CVE/CVE-2022-41878](https://github.com/Live-Hack-CVE/CVE-2022-41878) -### CVE-2022-41885 (2022-11-18) +### CVE-2022-41879 (2022-11-10) -TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds. -- [Live-Hack-CVE/CVE-2022-41885](https://github.com/Live-Hack-CVE/CVE-2022-41885) +- [Live-Hack-CVE/CVE-2022-41879](https://github.com/Live-Hack-CVE/CVE-2022-41879) -### CVE-2022-41886 (2022-11-18) +### CVE-2022-41882 (2022-11-11) -TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. -- [Live-Hack-CVE/CVE-2022-41886](https://github.com/Live-Hack-CVE/CVE-2022-41886) +- [Live-Hack-CVE/CVE-2022-41882](https://github.com/Live-Hack-CVE/CVE-2022-41882) -### CVE-2022-41887 (2022-11-18) +### CVE-2022-41892 (2022-11-10) -TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. +Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. -- [Live-Hack-CVE/CVE-2022-41887](https://github.com/Live-Hack-CVE/CVE-2022-41887) +- [Live-Hack-CVE/CVE-2022-41892](https://github.com/Live-Hack-CVE/CVE-2022-41892) -### CVE-2022-41888 (2022-11-18) +### CVE-2022-41904 (2022-11-11) -TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. -- [Live-Hack-CVE/CVE-2022-41888](https://github.com/Live-Hack-CVE/CVE-2022-41888) +- [Live-Hack-CVE/CVE-2022-41904](https://github.com/Live-Hack-CVE/CVE-2022-41904) -### CVE-2022-41889 (2022-11-18) +### CVE-2022-41905 (2022-11-11) -TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. -- [Live-Hack-CVE/CVE-2022-41889](https://github.com/Live-Hack-CVE/CVE-2022-41889) +- [Live-Hack-CVE/CVE-2022-41905](https://github.com/Live-Hack-CVE/CVE-2022-41905) -### CVE-2022-41890 (2022-11-18) +### CVE-2022-41906 (2022-11-11) -TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. -- [Live-Hack-CVE/CVE-2022-41890](https://github.com/Live-Hack-CVE/CVE-2022-41890) +- [Live-Hack-CVE/CVE-2022-41906](https://github.com/Live-Hack-CVE/CVE-2022-41906) -### CVE-2022-41891 (2022-11-18) +### CVE-2022-41913 (2022-11-14) -TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it's possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it. -- [Live-Hack-CVE/CVE-2022-41891](https://github.com/Live-Hack-CVE/CVE-2022-41891) +- [Live-Hack-CVE/CVE-2022-41913](https://github.com/Live-Hack-CVE/CVE-2022-41913) -### CVE-2022-41893 (2022-11-18) +### CVE-2022-41917 (2022-11-15) -TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. -- [Live-Hack-CVE/CVE-2022-41893](https://github.com/Live-Hack-CVE/CVE-2022-41893) +- [Live-Hack-CVE/CVE-2022-41917](https://github.com/Live-Hack-CVE/CVE-2022-41917) -### CVE-2022-41894 (2022-11-18) +### CVE-2022-41978 (2022-11-09) -TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. -- [Live-Hack-CVE/CVE-2022-41894](https://github.com/Live-Hack-CVE/CVE-2022-41894) +- [Live-Hack-CVE/CVE-2022-41978](https://github.com/Live-Hack-CVE/CVE-2022-41978) -### CVE-2022-41895 (2022-11-18) +### CVE-2022-41980 (2022-11-08) -TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. -- [Live-Hack-CVE/CVE-2022-41895](https://github.com/Live-Hack-CVE/CVE-2022-41895) +- [Live-Hack-CVE/CVE-2022-41980](https://github.com/Live-Hack-CVE/CVE-2022-41980) -### CVE-2022-41896 (2022-11-18) +### CVE-2022-42000 (2022-11-15) -TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. -- [Live-Hack-CVE/CVE-2022-41896](https://github.com/Live-Hack-CVE/CVE-2022-41896) +- [Live-Hack-CVE/CVE-2022-42000](https://github.com/Live-Hack-CVE/CVE-2022-42000) -### CVE-2022-41897 (2022-11-18) +### CVE-2022-42001 (2022-11-15) -TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. +Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. -- [Live-Hack-CVE/CVE-2022-41897](https://github.com/Live-Hack-CVE/CVE-2022-41897) - -### CVE-2022-41898 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41898](https://github.com/Live-Hack-CVE/CVE-2022-41898) - -### CVE-2022-41899 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41899](https://github.com/Live-Hack-CVE/CVE-2022-41899) - -### CVE-2022-41900 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. - - -- [Live-Hack-CVE/CVE-2022-41900](https://github.com/Live-Hack-CVE/CVE-2022-41900) - -### CVE-2022-41901 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41901](https://github.com/Live-Hack-CVE/CVE-2022-41901) - -### CVE-2022-41907 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41907](https://github.com/Live-Hack-CVE/CVE-2022-41907) - -### CVE-2022-41908 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41908](https://github.com/Live-Hack-CVE/CVE-2022-41908) - -### CVE-2022-41909 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41909](https://github.com/Live-Hack-CVE/CVE-2022-41909) - -### CVE-2022-41911 (2022-11-18) - - -TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - - -- [Live-Hack-CVE/CVE-2022-41911](https://github.com/Live-Hack-CVE/CVE-2022-41911) - -### CVE-2022-41912 (2022-11-28) - - -The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. - - -- [Live-Hack-CVE/CVE-2022-41912](https://github.com/Live-Hack-CVE/CVE-2022-41912) - -### CVE-2022-41914 (2022-11-16) - - -Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected. - - -- [Live-Hack-CVE/CVE-2022-41914](https://github.com/Live-Hack-CVE/CVE-2022-41914) - -### CVE-2022-41916 (2022-11-15) - - -Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41916](https://github.com/Live-Hack-CVE/CVE-2022-41916) - -### CVE-2022-41919 (2022-11-22) - - -Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'. - - -- [Live-Hack-CVE/CVE-2022-41919](https://github.com/Live-Hack-CVE/CVE-2022-41919) - -### CVE-2022-41920 (2022-11-17) - - -Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41920](https://github.com/Live-Hack-CVE/CVE-2022-41920) - -### CVE-2022-41921 (2022-11-28) - - -Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available. - - -- [Live-Hack-CVE/CVE-2022-41921](https://github.com/Live-Hack-CVE/CVE-2022-41921) - -### CVE-2022-41922 (2022-11-23) - - -`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27. - - -- [Live-Hack-CVE/CVE-2022-41922](https://github.com/Live-Hack-CVE/CVE-2022-41922) - -### CVE-2022-41923 (2022-11-23) - - -Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin. - - -- [Live-Hack-CVE/CVE-2022-41923](https://github.com/Live-Hack-CVE/CVE-2022-41923) - -### CVE-2022-41924 (2022-11-23) - - -A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. - - -- [Live-Hack-CVE/CVE-2022-41924](https://github.com/Live-Hack-CVE/CVE-2022-41924) - -### CVE-2022-41925 (2022-11-23) - - -A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue. - - -- [Live-Hack-CVE/CVE-2022-41925](https://github.com/Live-Hack-CVE/CVE-2022-41925) - -### CVE-2022-41926 (2022-11-25) - - -Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41926](https://github.com/Live-Hack-CVE/CVE-2022-41926) - -### CVE-2022-41927 (2022-11-23) - - -XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ``` - - -- [Live-Hack-CVE/CVE-2022-41927](https://github.com/Live-Hack-CVE/CVE-2022-41927) - -### CVE-2022-41928 (2022-11-23) - - -XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - - -- [Live-Hack-CVE/CVE-2022-41928](https://github.com/Live-Hack-CVE/CVE-2022-41928) - -### CVE-2022-41929 (2022-11-23) - - -org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. - - -- [Live-Hack-CVE/CVE-2022-41929](https://github.com/Live-Hack-CVE/CVE-2022-41929) - -### CVE-2022-41930 (2022-11-23) - - -org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. - - -- [Live-Hack-CVE/CVE-2022-41930](https://github.com/Live-Hack-CVE/CVE-2022-41930) - -### CVE-2022-41931 (2022-11-23) - - -xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes. - - -- [Live-Hack-CVE/CVE-2022-41931](https://github.com/Live-Hack-CVE/CVE-2022-41931) - -### CVE-2022-41932 (2022-11-23) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41932](https://github.com/Live-Hack-CVE/CVE-2022-41932) - -### CVE-2022-41933 (2022-11-23) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It's also possible for administrators to set some properties for the migration: it's possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won't be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords. - - -- [Live-Hack-CVE/CVE-2022-41933](https://github.com/Live-Hack-CVE/CVE-2022-41933) - -### CVE-2022-41934 (2022-11-23) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate. - - -- [Live-Hack-CVE/CVE-2022-41934](https://github.com/Live-Hack-CVE/CVE-2022-41934) - -### CVE-2022-41935 (2022-11-23) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41935](https://github.com/Live-Hack-CVE/CVE-2022-41935) - -### CVE-2022-41936 (2022-11-21) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. - - -- [Live-Hack-CVE/CVE-2022-41936](https://github.com/Live-Hack-CVE/CVE-2022-41936) - -### CVE-2022-41937 (2022-11-21) - - -XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in commit fb49b4f. - - -- [Live-Hack-CVE/CVE-2022-41937](https://github.com/Live-Hack-CVE/CVE-2022-41937) - -### CVE-2022-41938 (2022-11-18) - - -Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41938](https://github.com/Live-Hack-CVE/CVE-2022-41938) - -### CVE-2022-41939 (2022-11-18) - - -knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. - - -- [Live-Hack-CVE/CVE-2022-41939](https://github.com/Live-Hack-CVE/CVE-2022-41939) - -### CVE-2022-41940 (2022-11-21) - - -Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1. - - -- [Live-Hack-CVE/CVE-2022-41940](https://github.com/Live-Hack-CVE/CVE-2022-41940) - -### CVE-2022-41942 (2022-11-22) - - -Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. - - -- [Live-Hack-CVE/CVE-2022-41942](https://github.com/Live-Hack-CVE/CVE-2022-41942) - -### CVE-2022-41943 (2022-11-22) - - -sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. - - -- [Live-Hack-CVE/CVE-2022-41943](https://github.com/Live-Hack-CVE/CVE-2022-41943) - -### CVE-2022-41944 (2022-11-28) - - -Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available. - - -- [Live-Hack-CVE/CVE-2022-41944](https://github.com/Live-Hack-CVE/CVE-2022-41944) - -### CVE-2022-41945 (2022-11-21) - - -super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ​​into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. - - -- [Live-Hack-CVE/CVE-2022-41945](https://github.com/Live-Hack-CVE/CVE-2022-41945) - -### CVE-2022-41946 (2022-11-23) - - -pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. - - -- [Live-Hack-CVE/CVE-2022-41946](https://github.com/Live-Hack-CVE/CVE-2022-41946) - -### CVE-2022-41950 (2022-11-22) - - -super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. - - -- [Live-Hack-CVE/CVE-2022-41950](https://github.com/Live-Hack-CVE/CVE-2022-41950) - -### CVE-2022-41952 (2022-11-22) - - -Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file. - - -- [Live-Hack-CVE/CVE-2022-41952](https://github.com/Live-Hack-CVE/CVE-2022-41952) - -### CVE-2022-41954 (2022-11-25) - - -MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. - - -- [Live-Hack-CVE/CVE-2022-41954](https://github.com/Live-Hack-CVE/CVE-2022-41954) - -### CVE-2022-41957 (2022-11-28) - - -Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara. - - -- [Live-Hack-CVE/CVE-2022-41957](https://github.com/Live-Hack-CVE/CVE-2022-41957) - -### CVE-2022-41958 (2022-11-25) - - -super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. - - -- [Live-Hack-CVE/CVE-2022-41958](https://github.com/Live-Hack-CVE/CVE-2022-41958) - -### CVE-2022-41965 (2022-11-28) - - -Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer. - - -- [Live-Hack-CVE/CVE-2022-41965](https://github.com/Live-Hack-CVE/CVE-2022-41965) - -### CVE-2022-41968 (2022-12-01) - - -Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available. - - -- [Live-Hack-CVE/CVE-2022-41968](https://github.com/Live-Hack-CVE/CVE-2022-41968) - -### CVE-2022-41969 (2022-12-01) - - -Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. - - -- [Live-Hack-CVE/CVE-2022-41969](https://github.com/Live-Hack-CVE/CVE-2022-41969) - -### CVE-2022-42003 (2022-10-02) - - -In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 - - -- [Live-Hack-CVE/CVE-2022-42003](https://github.com/Live-Hack-CVE/CVE-2022-42003) - -### CVE-2022-42004 (2022-10-02) - - -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. - - -- [Live-Hack-CVE/CVE-2022-42004](https://github.com/Live-Hack-CVE/CVE-2022-42004) +- [Live-Hack-CVE/CVE-2022-42001](https://github.com/Live-Hack-CVE/CVE-2022-42001) ### CVE-2022-42053 (2022-11-14) @@ -7927,197 +8592,189 @@ Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a c - [Live-Hack-CVE/CVE-2022-42053](https://github.com/Live-Hack-CVE/CVE-2022-42053) -### CVE-2022-42060 (2022-11-14) +### CVE-2022-42075 (2022-10-07) -Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. +Wedding Planner v1.0 is vulnerable to arbitrary code execution. -- [Live-Hack-CVE/CVE-2022-42060](https://github.com/Live-Hack-CVE/CVE-2022-42060) +- [Live-Hack-CVE/CVE-2022-42075](https://github.com/Live-Hack-CVE/CVE-2022-42075) -### CVE-2022-42094 (2022-11-22) +### CVE-2022-42110 (2022-11-14) -Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. +A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. -- [Live-Hack-CVE/CVE-2022-42094](https://github.com/Live-Hack-CVE/CVE-2022-42094) +- [Live-Hack-CVE/CVE-2022-42110](https://github.com/Live-Hack-CVE/CVE-2022-42110) -### CVE-2022-42095 (2022-11-22) +### CVE-2022-42111 (2022-11-14) -Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. +A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. -- [Live-Hack-CVE/CVE-2022-42095](https://github.com/Live-Hack-CVE/CVE-2022-42095) +- [Live-Hack-CVE/CVE-2022-42111](https://github.com/Live-Hack-CVE/CVE-2022-42111) -### CVE-2022-42096 (2022-11-21) +### CVE-2022-42118 (2022-11-14) -Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. +A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. -- [Live-Hack-CVE/CVE-2022-42096](https://github.com/Live-Hack-CVE/CVE-2022-42096) +- [Live-Hack-CVE/CVE-2022-42118](https://github.com/Live-Hack-CVE/CVE-2022-42118) -### CVE-2022-42097 (2022-11-22) +### CVE-2022-42119 (2022-11-14) -Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . +Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. -- [Live-Hack-CVE/CVE-2022-42097](https://github.com/Live-Hack-CVE/CVE-2022-42097) +- [Live-Hack-CVE/CVE-2022-42119](https://github.com/Live-Hack-CVE/CVE-2022-42119) -### CVE-2022-42098 (2022-11-22) +### CVE-2022-42120 (2022-11-14) -KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. +A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. -- [Live-Hack-CVE/CVE-2022-42098](https://github.com/Live-Hack-CVE/CVE-2022-42098) +- [Live-Hack-CVE/CVE-2022-42120](https://github.com/Live-Hack-CVE/CVE-2022-42120) -### CVE-2022-42099 (2022-11-28) +### CVE-2022-42121 (2022-11-14) -KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. +A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. -- [Live-Hack-CVE/CVE-2022-42099](https://github.com/Live-Hack-CVE/CVE-2022-42099) +- [Live-Hack-CVE/CVE-2022-42121](https://github.com/Live-Hack-CVE/CVE-2022-42121) -### CVE-2022-42100 (2022-11-28) +### CVE-2022-42122 (2022-11-14) -KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. +A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. -- [Live-Hack-CVE/CVE-2022-42100](https://github.com/Live-Hack-CVE/CVE-2022-42100) +- [Live-Hack-CVE/CVE-2022-42122](https://github.com/Live-Hack-CVE/CVE-2022-42122) -### CVE-2022-42109 (2022-11-28) +### CVE-2022-42123 (2022-11-14) -Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. +A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. -- [Live-Hack-CVE/CVE-2022-42109](https://github.com/Live-Hack-CVE/CVE-2022-42109) +- [Live-Hack-CVE/CVE-2022-42123](https://github.com/Live-Hack-CVE/CVE-2022-42123) -### CVE-2022-42227 (2022-10-19) +### CVE-2022-42124 (2022-11-14) -jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. +ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. -- [Live-Hack-CVE/CVE-2022-42227](https://github.com/Live-Hack-CVE/CVE-2022-42227) +- [Live-Hack-CVE/CVE-2022-42124](https://github.com/Live-Hack-CVE/CVE-2022-42124) -### CVE-2022-42309 (2022-11-01) +### CVE-2022-42125 (2022-11-14) -Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. +Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. -- [Live-Hack-CVE/CVE-2022-42309](https://github.com/Live-Hack-CVE/CVE-2022-42309) +- [Live-Hack-CVE/CVE-2022-42125](https://github.com/Live-Hack-CVE/CVE-2022-42125) -### CVE-2022-42310 (2022-11-01) +### CVE-2022-42126 (2022-11-14) -Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base. +The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. -- [Live-Hack-CVE/CVE-2022-42310](https://github.com/Live-Hack-CVE/CVE-2022-42310) +- [Live-Hack-CVE/CVE-2022-42126](https://github.com/Live-Hack-CVE/CVE-2022-42126) -### CVE-2022-42311 (2022-11-01) +### CVE-2022-42127 (2022-11-14) -Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction +The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. -- [Live-Hack-CVE/CVE-2022-42311](https://github.com/Live-Hack-CVE/CVE-2022-42311) +- [Live-Hack-CVE/CVE-2022-42127](https://github.com/Live-Hack-CVE/CVE-2022-42127) -### CVE-2022-42317 (2022-11-01) +### CVE-2022-42128 (2022-11-14) -Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction +The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. -- [Live-Hack-CVE/CVE-2022-42317](https://github.com/Live-Hack-CVE/CVE-2022-42317) +- [Live-Hack-CVE/CVE-2022-42128](https://github.com/Live-Hack-CVE/CVE-2022-42128) -### CVE-2022-42318 (2022-11-01) +### CVE-2022-42129 (2022-11-14) -Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction +An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. -- [Live-Hack-CVE/CVE-2022-42318](https://github.com/Live-Hack-CVE/CVE-2022-42318) +- [Live-Hack-CVE/CVE-2022-42129](https://github.com/Live-Hack-CVE/CVE-2022-42129) -### CVE-2022-42319 (2022-11-01) +### CVE-2022-42130 (2022-11-14) -Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. +The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. -- [Live-Hack-CVE/CVE-2022-42319](https://github.com/Live-Hack-CVE/CVE-2022-42319) +- [Live-Hack-CVE/CVE-2022-42130](https://github.com/Live-Hack-CVE/CVE-2022-42130) -### CVE-2022-42320 (2022-11-01) +### CVE-2022-42131 (2022-11-14) -Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. +Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. -- [Live-Hack-CVE/CVE-2022-42320](https://github.com/Live-Hack-CVE/CVE-2022-42320) +- [Live-Hack-CVE/CVE-2022-42131](https://github.com/Live-Hack-CVE/CVE-2022-42131) -### CVE-2022-42321 (2022-11-01) +### CVE-2022-42132 (2022-11-14) -Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. +The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. -- [Live-Hack-CVE/CVE-2022-42321](https://github.com/Live-Hack-CVE/CVE-2022-42321) +- [Live-Hack-CVE/CVE-2022-42132](https://github.com/Live-Hack-CVE/CVE-2022-42132) -### CVE-2022-42322 (2022-11-01) +### CVE-2022-42187 (2022-11-16) -Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. +Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. -- [Live-Hack-CVE/CVE-2022-42322](https://github.com/Live-Hack-CVE/CVE-2022-42322) +- [Live-Hack-CVE/CVE-2022-42187](https://github.com/Live-Hack-CVE/CVE-2022-42187) -### CVE-2022-42323 (2022-11-01) +### CVE-2022-42245 (2022-11-16) -Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. +Dreamer CMS 4.0.01 is vulnerable to SQL Injection. -- [Live-Hack-CVE/CVE-2022-42323](https://github.com/Live-Hack-CVE/CVE-2022-42323) +- [Live-Hack-CVE/CVE-2022-42245](https://github.com/Live-Hack-CVE/CVE-2022-42245) -### CVE-2022-42325 (2022-11-01) +### CVE-2022-42246 (2022-11-16) -Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. +Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. -- [Live-Hack-CVE/CVE-2022-42325](https://github.com/Live-Hack-CVE/CVE-2022-42325) +- [Live-Hack-CVE/CVE-2022-42246](https://github.com/Live-Hack-CVE/CVE-2022-42246) -### CVE-2022-42326 (2022-11-01) +### CVE-2022-42457 (2022-10-06) -Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. +Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). -- [Live-Hack-CVE/CVE-2022-42326](https://github.com/Live-Hack-CVE/CVE-2022-42326) +- [Live-Hack-CVE/CVE-2022-42457](https://github.com/Live-Hack-CVE/CVE-2022-42457) -### CVE-2022-42327 (2022-11-01) +### CVE-2022-42460 (2022-11-10) -x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. +Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. -- [Live-Hack-CVE/CVE-2022-42327](https://github.com/Live-Hack-CVE/CVE-2022-42327) - -### CVE-2022-42459 (2022-11-18) - - -Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-42459](https://github.com/Live-Hack-CVE/CVE-2022-42459) +- [Live-Hack-CVE/CVE-2022-42460](https://github.com/Live-Hack-CVE/CVE-2022-42460) ### CVE-2022-42461 (2022-11-18) @@ -8127,6 +8784,14 @@ Broken Access Control vulnerability in miniOrange's Google Authenticator plugin - [Live-Hack-CVE/CVE-2022-42461](https://github.com/Live-Hack-CVE/CVE-2022-42461) +### CVE-2022-42494 (2022-11-08) + + +Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. + + +- [Live-Hack-CVE/CVE-2022-42494](https://github.com/Live-Hack-CVE/CVE-2022-42494) + ### CVE-2022-42497 (2022-11-18) @@ -8135,14 +8800,6 @@ Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= - [Live-Hack-CVE/CVE-2022-42497](https://github.com/Live-Hack-CVE/CVE-2022-42497) -### CVE-2022-42533 (2022-11-17) - - -In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A - - -- [Live-Hack-CVE/CVE-2022-42533](https://github.com/Live-Hack-CVE/CVE-2022-42533) - ### CVE-2022-42698 (2022-11-18) @@ -8151,6 +8808,14 @@ Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connect - [Live-Hack-CVE/CVE-2022-42698](https://github.com/Live-Hack-CVE/CVE-2022-42698) +### CVE-2022-42707 (2022-11-06) + + +In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. + + +- [Live-Hack-CVE/CVE-2022-42707](https://github.com/Live-Hack-CVE/CVE-2022-42707) + ### CVE-2022-42720 (2022-10-13) @@ -8175,62 +8840,6 @@ In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to i - [Live-Hack-CVE/CVE-2022-42722](https://github.com/Live-Hack-CVE/CVE-2022-42722) -### CVE-2022-42732 (2022-11-17) - - -A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. - - -- [Live-Hack-CVE/CVE-2022-42732](https://github.com/Live-Hack-CVE/CVE-2022-42732) - -### CVE-2022-42733 (2022-11-17) - - -A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. - - -- [Live-Hack-CVE/CVE-2022-42733](https://github.com/Live-Hack-CVE/CVE-2022-42733) - -### CVE-2022-42734 (2022-11-17) - - -A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. - - -- [Live-Hack-CVE/CVE-2022-42734](https://github.com/Live-Hack-CVE/CVE-2022-42734) - -### CVE-2022-42746 (2022-11-03) - - -CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. - - -- [Live-Hack-CVE/CVE-2022-42746](https://github.com/Live-Hack-CVE/CVE-2022-42746) - -### CVE-2022-42747 (2022-11-03) - - -CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. - - -- [Live-Hack-CVE/CVE-2022-42747](https://github.com/Live-Hack-CVE/CVE-2022-42747) - -### CVE-2022-42748 (2022-11-03) - - -CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. - - -- [Live-Hack-CVE/CVE-2022-42748](https://github.com/Live-Hack-CVE/CVE-2022-42748) - -### CVE-2022-42749 (2022-11-03) - - -CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. - - -- [Live-Hack-CVE/CVE-2022-42749](https://github.com/Live-Hack-CVE/CVE-2022-42749) - ### CVE-2022-42785 (2022-11-15) @@ -8239,53 +8848,13 @@ Multiple W&T products of the ComServer Series are prone to an authentication - [Live-Hack-CVE/CVE-2022-42785](https://github.com/Live-Hack-CVE/CVE-2022-42785) -### CVE-2022-42787 (2022-11-10) +### CVE-2022-42786 (2022-11-10) -Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required. +Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage -- [Live-Hack-CVE/CVE-2022-42787](https://github.com/Live-Hack-CVE/CVE-2022-42787) - -### CVE-2022-42801 (2022-11-01) - - -A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. - - -- [Live-Hack-CVE/CVE-2022-42801](https://github.com/Live-Hack-CVE/CVE-2022-42801) - -### CVE-2022-42883 (2022-11-18) - - -Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-42883](https://github.com/Live-Hack-CVE/CVE-2022-42883) - -### CVE-2022-42889 (2022-10-13) - - -Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. - - -- [Live-Hack-CVE/CVE-2022-42889](https://github.com/Live-Hack-CVE/CVE-2022-42889) - -### CVE-2022-42891 (2022-11-17) - - -A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. - - -- [Live-Hack-CVE/CVE-2022-42891](https://github.com/Live-Hack-CVE/CVE-2022-42891) - -### CVE-2022-42892 (2022-11-17) - - -A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. - - -- [Live-Hack-CVE/CVE-2022-42892](https://github.com/Live-Hack-CVE/CVE-2022-42892) +- [Live-Hack-CVE/CVE-2022-42786](https://github.com/Live-Hack-CVE/CVE-2022-42786) ### CVE-2022-42893 (2022-11-17) @@ -8303,45 +8872,37 @@ A vulnerability has been identified in syngo Dynamics (All versions < VA40G H - [Live-Hack-CVE/CVE-2022-42894](https://github.com/Live-Hack-CVE/CVE-2022-42894) -### CVE-2022-42895 (2022-11-23) +### CVE-2022-42902 (2022-10-12) -There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url +In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. -- [Live-Hack-CVE/CVE-2022-42895](https://github.com/Live-Hack-CVE/CVE-2022-42895) +- [Live-Hack-CVE/CVE-2022-42902](https://github.com/Live-Hack-CVE/CVE-2022-42902) -### CVE-2022-42896 (2022-11-23) +### CVE-2022-42954 (2022-11-16) -There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url +Keyfactor EJBCA before 7.10.0 allows XSS. -- [Live-Hack-CVE/CVE-2022-42896](https://github.com/Live-Hack-CVE/CVE-2022-42896) +- [Live-Hack-CVE/CVE-2022-42954](https://github.com/Live-Hack-CVE/CVE-2022-42954) -### CVE-2022-42903 (2022-11-17) +### CVE-2022-42955 (2022-11-07) -Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. +The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. -- [Live-Hack-CVE/CVE-2022-42903](https://github.com/Live-Hack-CVE/CVE-2022-42903) +- [Live-Hack-CVE/CVE-2022-42955](https://github.com/Live-Hack-CVE/CVE-2022-42955) -### CVE-2022-42904 (2022-11-18) +### CVE-2022-42956 (2022-11-07) -Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. +The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. -- [Live-Hack-CVE/CVE-2022-42904](https://github.com/Live-Hack-CVE/CVE-2022-42904) - -### CVE-2022-42905 (2022-11-06) - - -In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) - - -- [Live-Hack-CVE/CVE-2022-42905](https://github.com/Live-Hack-CVE/CVE-2022-42905) +- [Live-Hack-CVE/CVE-2022-42956](https://github.com/Live-Hack-CVE/CVE-2022-42956) ### CVE-2022-42960 (2022-11-16) @@ -8351,21 +8912,37 @@ EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, - [Live-Hack-CVE/CVE-2022-42960](https://github.com/Live-Hack-CVE/CVE-2022-42960) -### CVE-2022-42965 (2022-11-09) +### CVE-2022-42964 (2022-11-09) -An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method +An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method -- [Live-Hack-CVE/CVE-2022-42965](https://github.com/Live-Hack-CVE/CVE-2022-42965) +- [Live-Hack-CVE/CVE-2022-42964](https://github.com/Live-Hack-CVE/CVE-2022-42964) -### CVE-2022-42968 (2022-10-15) +### CVE-2022-42966 (2022-11-09) -Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. +An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method -- [Live-Hack-CVE/CVE-2022-42968](https://github.com/Live-Hack-CVE/CVE-2022-42968) +- [Live-Hack-CVE/CVE-2022-42966](https://github.com/Live-Hack-CVE/CVE-2022-42966) + +### CVE-2022-42977 (2022-11-14) + + +The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. + + +- [Live-Hack-CVE/CVE-2022-42977](https://github.com/Live-Hack-CVE/CVE-2022-42977) + +### CVE-2022-42978 (2022-11-14) + + +In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. + + +- [Live-Hack-CVE/CVE-2022-42978](https://github.com/Live-Hack-CVE/CVE-2022-42978) ### CVE-2022-42982 (2022-11-16) @@ -8375,53 +8952,205 @@ BKG Professional NtripCaster 2.0.39 allows querying information over the UDP pro - [Live-Hack-CVE/CVE-2022-42982](https://github.com/Live-Hack-CVE/CVE-2022-42982) -### CVE-2022-42989 (2022-11-22) +### CVE-2022-42984 (2022-11-14) -ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. +WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. -- [Live-Hack-CVE/CVE-2022-42989](https://github.com/Live-Hack-CVE/CVE-2022-42989) +- [Live-Hack-CVE/CVE-2022-42984](https://github.com/Live-Hack-CVE/CVE-2022-42984) -### CVE-2022-43071 (2022-11-15) +### CVE-2022-42985 (2022-11-16) -A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. +The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). -- [Live-Hack-CVE/CVE-2022-43071](https://github.com/Live-Hack-CVE/CVE-2022-43071) +- [Live-Hack-CVE/CVE-2022-42985](https://github.com/Live-Hack-CVE/CVE-2022-42985) -### CVE-2022-43096 (2022-11-17) +### CVE-2022-42990 (2022-11-07) -Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. +Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. -- [Live-Hack-CVE/CVE-2022-43096](https://github.com/Live-Hack-CVE/CVE-2022-43096) +- [Live-Hack-CVE/CVE-2022-42990](https://github.com/Live-Hack-CVE/CVE-2022-42990) -### CVE-2022-43117 (2022-11-21) +### CVE-2022-43030 (2022-11-14) -Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. +Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges -- [Live-Hack-CVE/CVE-2022-43117](https://github.com/Live-Hack-CVE/CVE-2022-43117) +- [Live-Hack-CVE/CVE-2022-43030](https://github.com/Live-Hack-CVE/CVE-2022-43030) -### CVE-2022-43143 (2022-11-21) +### CVE-2022-43031 (2022-11-09) -A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. +DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. -- [Live-Hack-CVE/CVE-2022-43143](https://github.com/Live-Hack-CVE/CVE-2022-43143) +- [Live-Hack-CVE/CVE-2022-43031](https://github.com/Live-Hack-CVE/CVE-2022-43031) -### CVE-2022-43171 (2022-11-17) +### CVE-2022-43046 (2022-11-07) -A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. +Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. -- [Live-Hack-CVE/CVE-2022-43171](https://github.com/Live-Hack-CVE/CVE-2022-43171) +- [Live-Hack-CVE/CVE-2022-43046](https://github.com/Live-Hack-CVE/CVE-2022-43046) + +### CVE-2022-43049 (2022-11-07) + + +Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. + + +- [Live-Hack-CVE/CVE-2022-43049](https://github.com/Live-Hack-CVE/CVE-2022-43049) + +### CVE-2022-43050 (2022-11-07) + + +Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. + + +- [Live-Hack-CVE/CVE-2022-43050](https://github.com/Live-Hack-CVE/CVE-2022-43050) + +### CVE-2022-43051 (2022-11-07) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. + + +- [Live-Hack-CVE/CVE-2022-43051](https://github.com/Live-Hack-CVE/CVE-2022-43051) + +### CVE-2022-43052 (2022-11-07) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. + + +- [Live-Hack-CVE/CVE-2022-43052](https://github.com/Live-Hack-CVE/CVE-2022-43052) + +### CVE-2022-43058 (2022-11-09) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. + + +- [Live-Hack-CVE/CVE-2022-43058](https://github.com/Live-Hack-CVE/CVE-2022-43058) + +### CVE-2022-43074 (2022-11-10) + + +AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. + + +- [Live-Hack-CVE/CVE-2022-43074](https://github.com/Live-Hack-CVE/CVE-2022-43074) + +### CVE-2022-43118 (2022-11-09) + + +A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. + + +- [Live-Hack-CVE/CVE-2022-43118](https://github.com/Live-Hack-CVE/CVE-2022-43118) + +### CVE-2022-43119 (2022-11-09) + + +A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. + + +- [Live-Hack-CVE/CVE-2022-43119](https://github.com/Live-Hack-CVE/CVE-2022-43119) + +### CVE-2022-43120 (2022-11-09) + + +A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. + + +- [Live-Hack-CVE/CVE-2022-43120](https://github.com/Live-Hack-CVE/CVE-2022-43120) + +### CVE-2022-43121 (2022-11-09) + + +A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. + + +- [Live-Hack-CVE/CVE-2022-43121](https://github.com/Live-Hack-CVE/CVE-2022-43121) + +### CVE-2022-43135 (2022-11-16) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. + + +- [Live-Hack-CVE/CVE-2022-43135](https://github.com/Live-Hack-CVE/CVE-2022-43135) + +### CVE-2022-43138 (2022-11-17) + + +Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. + + +- [Live-Hack-CVE/CVE-2022-43138](https://github.com/Live-Hack-CVE/CVE-2022-43138) + +### CVE-2022-43140 (2022-11-17) + + +kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. + + +- [Live-Hack-CVE/CVE-2022-43140](https://github.com/Live-Hack-CVE/CVE-2022-43140) + +### CVE-2022-43142 (2022-11-17) + + +A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. + + +- [Live-Hack-CVE/CVE-2022-43142](https://github.com/Live-Hack-CVE/CVE-2022-43142) + +### CVE-2022-43144 (2022-11-08) + + +A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. + + +- [Live-Hack-CVE/CVE-2022-43144](https://github.com/Live-Hack-CVE/CVE-2022-43144) + +### CVE-2022-43146 (2022-11-14) + + +An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. + + +- [Live-Hack-CVE/CVE-2022-43146](https://github.com/Live-Hack-CVE/CVE-2022-43146) + +### CVE-2022-43162 (2022-11-17) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. + + +- [Live-Hack-CVE/CVE-2022-43162](https://github.com/Live-Hack-CVE/CVE-2022-43162) + +### CVE-2022-43163 (2022-11-17) + + +Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. + + +- [Live-Hack-CVE/CVE-2022-43163](https://github.com/Live-Hack-CVE/CVE-2022-43163) + +### CVE-2022-43179 (2022-11-17) + + +Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. + + +- [Live-Hack-CVE/CVE-2022-43179](https://github.com/Live-Hack-CVE/CVE-2022-43179) ### CVE-2022-43183 (2022-11-17) @@ -8431,85 +9160,317 @@ XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the comp - [Live-Hack-CVE/CVE-2022-43183](https://github.com/Live-Hack-CVE/CVE-2022-43183) -### CVE-2022-43192 (2022-11-17) +### CVE-2022-43234 (2022-11-16) -An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. +An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. -- [Live-Hack-CVE/CVE-2022-43192](https://github.com/Live-Hack-CVE/CVE-2022-43192) +- [Live-Hack-CVE/CVE-2022-43234](https://github.com/Live-Hack-CVE/CVE-2022-43234) -### CVE-2022-43196 (2022-11-23) +### CVE-2022-43256 (2022-11-16) -dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. +SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. -- [Live-Hack-CVE/CVE-2022-43196](https://github.com/Live-Hack-CVE/CVE-2022-43196) +- [Live-Hack-CVE/CVE-2022-43256](https://github.com/Live-Hack-CVE/CVE-2022-43256) -### CVE-2022-43212 (2022-11-22) +### CVE-2022-43262 (2022-11-16) -Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. +Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. -- [Live-Hack-CVE/CVE-2022-43212](https://github.com/Live-Hack-CVE/CVE-2022-43212) +- [Live-Hack-CVE/CVE-2022-43262](https://github.com/Live-Hack-CVE/CVE-2022-43262) -### CVE-2022-43213 (2022-11-22) +### CVE-2022-43263 (2022-11-16) -Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. +A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. -- [Live-Hack-CVE/CVE-2022-43213](https://github.com/Live-Hack-CVE/CVE-2022-43213) +- [Live-Hack-CVE/CVE-2022-43263](https://github.com/Live-Hack-CVE/CVE-2022-43263) -### CVE-2022-43214 (2022-11-21) +### CVE-2022-43264 (2022-11-16) -Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. +Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. -- [Live-Hack-CVE/CVE-2022-43214](https://github.com/Live-Hack-CVE/CVE-2022-43214) +- [Live-Hack-CVE/CVE-2022-43264](https://github.com/Live-Hack-CVE/CVE-2022-43264) -### CVE-2022-43215 (2022-11-21) +### CVE-2022-43265 (2022-11-15) -Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. +An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. -- [Live-Hack-CVE/CVE-2022-43215](https://github.com/Live-Hack-CVE/CVE-2022-43215) +- [Live-Hack-CVE/CVE-2022-43265](https://github.com/Live-Hack-CVE/CVE-2022-43265) -### CVE-2022-43229 (2022-10-28) +### CVE-2022-43277 (2022-11-09) -Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. +Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. -- [Live-Hack-CVE/CVE-2022-43229](https://github.com/Live-Hack-CVE/CVE-2022-43229) +- [Live-Hack-CVE/CVE-2022-43277](https://github.com/Live-Hack-CVE/CVE-2022-43277) -### CVE-2022-43272 (2022-12-02) +### CVE-2022-43278 (2022-11-09) -DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. +Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. -- [Live-Hack-CVE/CVE-2022-43272](https://github.com/Live-Hack-CVE/CVE-2022-43272) +- [Live-Hack-CVE/CVE-2022-43278](https://github.com/Live-Hack-CVE/CVE-2022-43278) -### CVE-2022-43308 (2022-11-17) +### CVE-2022-43279 (2022-11-15) -INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. +LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. -- [Live-Hack-CVE/CVE-2022-43308](https://github.com/Live-Hack-CVE/CVE-2022-43308) +- [Live-Hack-CVE/CVE-2022-43279](https://github.com/Live-Hack-CVE/CVE-2022-43279) -### CVE-2022-43325 (2022-12-01) +### CVE-2022-43288 (2022-11-14) -An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. +Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. -- [Live-Hack-CVE/CVE-2022-43325](https://github.com/Live-Hack-CVE/CVE-2022-43325) +- [Live-Hack-CVE/CVE-2022-43288](https://github.com/Live-Hack-CVE/CVE-2022-43288) + +### CVE-2022-43290 (2022-11-09) + + +Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. + + +- [Live-Hack-CVE/CVE-2022-43290](https://github.com/Live-Hack-CVE/CVE-2022-43290) + +### CVE-2022-43291 (2022-11-09) + + +Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. + + +- [Live-Hack-CVE/CVE-2022-43291](https://github.com/Live-Hack-CVE/CVE-2022-43291) + +### CVE-2022-43292 (2022-11-09) + + +Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. + + +- [Live-Hack-CVE/CVE-2022-43292](https://github.com/Live-Hack-CVE/CVE-2022-43292) + +### CVE-2022-43294 (2022-11-14) + + +Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. + + +- [Live-Hack-CVE/CVE-2022-43294](https://github.com/Live-Hack-CVE/CVE-2022-43294) + +### CVE-2022-43295 (2022-11-14) + + +XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. + + +- [Live-Hack-CVE/CVE-2022-43295](https://github.com/Live-Hack-CVE/CVE-2022-43295) + +### CVE-2022-43303 (2022-11-07) + + +The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. + + +- [Live-Hack-CVE/CVE-2022-43303](https://github.com/Live-Hack-CVE/CVE-2022-43303) + +### CVE-2022-43304 (2022-11-07) + + +The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. + + +- [Live-Hack-CVE/CVE-2022-43304](https://github.com/Live-Hack-CVE/CVE-2022-43304) + +### CVE-2022-43305 (2022-11-07) + + +The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. + + +- [Live-Hack-CVE/CVE-2022-43305](https://github.com/Live-Hack-CVE/CVE-2022-43305) + +### CVE-2022-43306 (2022-11-07) + + +The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. + + +- [Live-Hack-CVE/CVE-2022-43306](https://github.com/Live-Hack-CVE/CVE-2022-43306) + +### CVE-2022-43310 (2022-11-09) + + +An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. + + +- [Live-Hack-CVE/CVE-2022-43310](https://github.com/Live-Hack-CVE/CVE-2022-43310) + +### CVE-2022-43317 (2022-11-07) + + +A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. + + +- [Live-Hack-CVE/CVE-2022-43317](https://github.com/Live-Hack-CVE/CVE-2022-43317) + +### CVE-2022-43318 (2022-11-07) + + +Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. + + +- [Live-Hack-CVE/CVE-2022-43318](https://github.com/Live-Hack-CVE/CVE-2022-43318) + +### CVE-2022-43319 (2022-11-07) + + +An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. + + +- [Live-Hack-CVE/CVE-2022-43319](https://github.com/Live-Hack-CVE/CVE-2022-43319) + +### CVE-2022-43320 (2022-11-09) + + +FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. + + +- [Live-Hack-CVE/CVE-2022-43320](https://github.com/Live-Hack-CVE/CVE-2022-43320) + +### CVE-2022-43321 (2022-11-09) + + +Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. + + +- [Live-Hack-CVE/CVE-2022-43321](https://github.com/Live-Hack-CVE/CVE-2022-43321) + +### CVE-2022-43323 (2022-11-14) + + +EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. + + +- [Live-Hack-CVE/CVE-2022-43323](https://github.com/Live-Hack-CVE/CVE-2022-43323) + +### CVE-2022-43332 (2022-11-17) + + +A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. + + +- [Live-Hack-CVE/CVE-2022-43332](https://github.com/Live-Hack-CVE/CVE-2022-43332) + +### CVE-2022-43342 (2022-11-14) + + +A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. + + +- [Live-Hack-CVE/CVE-2022-43342](https://github.com/Live-Hack-CVE/CVE-2022-43342) + +### CVE-2022-43343 (2022-11-08) + + +N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. + + +- [Live-Hack-CVE/CVE-2022-43343](https://github.com/Live-Hack-CVE/CVE-2022-43343) + +### CVE-2022-43350 (2022-11-07) + + +Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. + + +- [Live-Hack-CVE/CVE-2022-43350](https://github.com/Live-Hack-CVE/CVE-2022-43350) + +### CVE-2022-43351 (2022-11-07) + + +Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. + + +- [Live-Hack-CVE/CVE-2022-43351](https://github.com/Live-Hack-CVE/CVE-2022-43351) + +### CVE-2022-43352 (2022-11-07) + + +Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. + + +- [Live-Hack-CVE/CVE-2022-43352](https://github.com/Live-Hack-CVE/CVE-2022-43352) + +### CVE-2022-43359 (2022-11-07) + + +Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. + + +- [Live-Hack-CVE/CVE-2022-43359](https://github.com/Live-Hack-CVE/CVE-2022-43359) + +### CVE-2022-43397 (2022-11-08) + + +A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854) + + +- [Live-Hack-CVE/CVE-2022-43397](https://github.com/Live-Hack-CVE/CVE-2022-43397) + +### CVE-2022-43398 (2022-11-08) + + +A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session. + + +- [Live-Hack-CVE/CVE-2022-43398](https://github.com/Live-Hack-CVE/CVE-2022-43398) + +### CVE-2022-43439 (2022-11-08) + + +A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. + + +- [Live-Hack-CVE/CVE-2022-43439](https://github.com/Live-Hack-CVE/CVE-2022-43439) + +### CVE-2022-43447 (2022-11-17) + + +SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network + + +- [Live-Hack-CVE/CVE-2022-43447](https://github.com/Live-Hack-CVE/CVE-2022-43447) + +### CVE-2022-43452 (2022-11-17) + + +SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network + + +- [Live-Hack-CVE/CVE-2022-43452](https://github.com/Live-Hack-CVE/CVE-2022-43452) + +### CVE-2022-43457 (2022-11-17) + + +SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network + + +- [Live-Hack-CVE/CVE-2022-43457](https://github.com/Live-Hack-CVE/CVE-2022-43457) ### CVE-2022-43463 (2022-11-18) @@ -8519,6 +9480,14 @@ Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product - [Live-Hack-CVE/CVE-2022-43463](https://github.com/Live-Hack-CVE/CVE-2022-43463) +### CVE-2022-43481 (2022-11-08) + + +Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. + + +- [Live-Hack-CVE/CVE-2022-43481](https://github.com/Live-Hack-CVE/CVE-2022-43481) + ### CVE-2022-43482 (2022-11-18) @@ -8527,125 +9496,277 @@ Missing Authorization vulnerability in Appointment Booking Calendar plugin <= - [Live-Hack-CVE/CVE-2022-43482](https://github.com/Live-Hack-CVE/CVE-2022-43482) -### CVE-2022-43492 (2022-11-18) +### CVE-2022-43488 (2022-11-09) -Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. +Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. -- [Live-Hack-CVE/CVE-2022-43492](https://github.com/Live-Hack-CVE/CVE-2022-43492) +- [Live-Hack-CVE/CVE-2022-43488](https://github.com/Live-Hack-CVE/CVE-2022-43488) -### CVE-2022-43588 (2022-11-28) +### CVE-2022-43491 (2022-11-08) -A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. +Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. -- [Live-Hack-CVE/CVE-2022-43588](https://github.com/Live-Hack-CVE/CVE-2022-43588) +- [Live-Hack-CVE/CVE-2022-43491](https://github.com/Live-Hack-CVE/CVE-2022-43491) -### CVE-2022-43589 (2022-11-28) +### CVE-2022-43506 (2022-11-17) -A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. +SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network -- [Live-Hack-CVE/CVE-2022-43589](https://github.com/Live-Hack-CVE/CVE-2022-43589) +- [Live-Hack-CVE/CVE-2022-43506](https://github.com/Live-Hack-CVE/CVE-2022-43506) -### CVE-2022-43590 (2022-11-28) +### CVE-2022-43545 (2022-11-08) -A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. +A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. -- [Live-Hack-CVE/CVE-2022-43590](https://github.com/Live-Hack-CVE/CVE-2022-43590) +- [Live-Hack-CVE/CVE-2022-43545](https://github.com/Live-Hack-CVE/CVE-2022-43545) -### CVE-2022-43673 (2022-11-18) +### CVE-2022-43546 (2022-11-08) -Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. +A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. -- [Live-Hack-CVE/CVE-2022-43673](https://github.com/Live-Hack-CVE/CVE-2022-43673) +- [Live-Hack-CVE/CVE-2022-43546](https://github.com/Live-Hack-CVE/CVE-2022-43546) -### CVE-2022-43680 (2022-10-23) +### CVE-2022-43562 (2022-11-04) -In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. +In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. -- [Live-Hack-CVE/CVE-2022-43680](https://github.com/Live-Hack-CVE/CVE-2022-43680) +- [Live-Hack-CVE/CVE-2022-43562](https://github.com/Live-Hack-CVE/CVE-2022-43562) -### CVE-2022-43685 (2022-11-21) +### CVE-2022-43563 (2022-11-04) -CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. +In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. -- [Live-Hack-CVE/CVE-2022-43685](https://github.com/Live-Hack-CVE/CVE-2022-43685) +- [Live-Hack-CVE/CVE-2022-43563](https://github.com/Live-Hack-CVE/CVE-2022-43563) -### CVE-2022-43705 (2022-11-26) +### CVE-2022-43564 (2022-11-04) -In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). +In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. -- [Live-Hack-CVE/CVE-2022-43705](https://github.com/Live-Hack-CVE/CVE-2022-43705) +- [Live-Hack-CVE/CVE-2022-43564](https://github.com/Live-Hack-CVE/CVE-2022-43564) -### CVE-2022-43707 (2022-11-21) +### CVE-2022-43565 (2022-11-04) -MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data +In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. -- [Live-Hack-CVE/CVE-2022-43707](https://github.com/Live-Hack-CVE/CVE-2022-43707) +- [Live-Hack-CVE/CVE-2022-43565](https://github.com/Live-Hack-CVE/CVE-2022-43565) -### CVE-2022-43708 (2022-11-21) +### CVE-2022-43566 (2022-11-04) -MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name +In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. -- [Live-Hack-CVE/CVE-2022-43708](https://github.com/Live-Hack-CVE/CVE-2022-43708) +- [Live-Hack-CVE/CVE-2022-43566](https://github.com/Live-Hack-CVE/CVE-2022-43566) -### CVE-2022-43709 (2022-11-21) +### CVE-2022-43567 (2022-11-04) -MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. +In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. -- [Live-Hack-CVE/CVE-2022-43709](https://github.com/Live-Hack-CVE/CVE-2022-43709) +- [Live-Hack-CVE/CVE-2022-43567](https://github.com/Live-Hack-CVE/CVE-2022-43567) -### CVE-2022-43751 (2022-11-22) +### CVE-2022-43569 (2022-11-04) -McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. +In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. -- [Live-Hack-CVE/CVE-2022-43751](https://github.com/Live-Hack-CVE/CVE-2022-43751) +- [Live-Hack-CVE/CVE-2022-43569](https://github.com/Live-Hack-CVE/CVE-2022-43569) -### CVE-2022-43983 (2022-11-25) +### CVE-2022-43570 (2022-11-04) -Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. +In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. -- [Live-Hack-CVE/CVE-2022-43983](https://github.com/Live-Hack-CVE/CVE-2022-43983) +- [Live-Hack-CVE/CVE-2022-43570](https://github.com/Live-Hack-CVE/CVE-2022-43570) -### CVE-2022-43984 (2022-11-25) +### CVE-2022-43572 (2022-11-04) -Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. +In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. -- [Live-Hack-CVE/CVE-2022-43984](https://github.com/Live-Hack-CVE/CVE-2022-43984) +- [Live-Hack-CVE/CVE-2022-43572](https://github.com/Live-Hack-CVE/CVE-2022-43572) -### CVE-2022-43995 (2022-11-02) +### CVE-2022-43671 (2022-11-11) -Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. +Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. -- [Live-Hack-CVE/CVE-2022-43995](https://github.com/Live-Hack-CVE/CVE-2022-43995) +- [Live-Hack-CVE/CVE-2022-43671](https://github.com/Live-Hack-CVE/CVE-2022-43671) + +### CVE-2022-43672 (2022-11-11) + + +Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. + + +- [Live-Hack-CVE/CVE-2022-43672](https://github.com/Live-Hack-CVE/CVE-2022-43672) + +### CVE-2022-43679 (2022-11-10) + + +The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. + + +- [Live-Hack-CVE/CVE-2022-43679](https://github.com/Live-Hack-CVE/CVE-2022-43679) + +### CVE-2022-43686 (2022-11-14) + + +In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). + + +- [Live-Hack-CVE/CVE-2022-43686](https://github.com/Live-Hack-CVE/CVE-2022-43686) + +### CVE-2022-43687 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43687](https://github.com/Live-Hack-CVE/CVE-2022-43687) + +### CVE-2022-43688 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43688](https://github.com/Live-Hack-CVE/CVE-2022-43688) + +### CVE-2022-43689 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. + + +- [Live-Hack-CVE/CVE-2022-43689](https://github.com/Live-Hack-CVE/CVE-2022-43689) + +### CVE-2022-43690 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43690](https://github.com/Live-Hack-CVE/CVE-2022-43690) + +### CVE-2022-43691 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. + + +- [Live-Hack-CVE/CVE-2022-43691](https://github.com/Live-Hack-CVE/CVE-2022-43691) + +### CVE-2022-43692 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43692](https://github.com/Live-Hack-CVE/CVE-2022-43692) + +### CVE-2022-43693 (2022-11-14) + + +Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. + + +- [Live-Hack-CVE/CVE-2022-43693](https://github.com/Live-Hack-CVE/CVE-2022-43693) + +### CVE-2022-43694 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. + + +- [Live-Hack-CVE/CVE-2022-43694](https://github.com/Live-Hack-CVE/CVE-2022-43694) + +### CVE-2022-43695 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43695](https://github.com/Live-Hack-CVE/CVE-2022-43695) + +### CVE-2022-43753 (2022-11-10) + + +A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. + + +- [Live-Hack-CVE/CVE-2022-43753](https://github.com/Live-Hack-CVE/CVE-2022-43753) + +### CVE-2022-43754 (2022-11-10) + + +An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. + + +- [Live-Hack-CVE/CVE-2022-43754](https://github.com/Live-Hack-CVE/CVE-2022-43754) + +### CVE-2022-43781 (2022-11-16) + + +There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. + + +- [Live-Hack-CVE/CVE-2022-43781](https://github.com/Live-Hack-CVE/CVE-2022-43781) + +### CVE-2022-43782 (2022-11-16) + + +Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 + + +- [Live-Hack-CVE/CVE-2022-43782](https://github.com/Live-Hack-CVE/CVE-2022-43782) + +### CVE-2022-43958 (2022-11-08) + + +A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. + + +- [Live-Hack-CVE/CVE-2022-43958](https://github.com/Live-Hack-CVE/CVE-2022-43958) + +### CVE-2022-43967 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43967](https://github.com/Live-Hack-CVE/CVE-2022-43967) + +### CVE-2022-43968 (2022-11-14) + + +Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. + + +- [Live-Hack-CVE/CVE-2022-43968](https://github.com/Live-Hack-CVE/CVE-2022-43968) ### CVE-2022-43999 (2022-11-16) @@ -8663,6 +9784,14 @@ An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed inte - [Live-Hack-CVE/CVE-2022-44000](https://github.com/Live-Hack-CVE/CVE-2022-44000) +### CVE-2022-44001 (2022-11-17) + + +An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. + + +- [Live-Hack-CVE/CVE-2022-44001](https://github.com/Live-Hack-CVE/CVE-2022-44001) + ### CVE-2022-44003 (2022-11-16) @@ -8711,597 +9840,213 @@ An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper valida - [Live-Hack-CVE/CVE-2022-44008](https://github.com/Live-Hack-CVE/CVE-2022-44008) -### CVE-2022-44020 (2022-10-29) +### CVE-2022-44048 (2022-11-07) -An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." +The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44020](https://github.com/Live-Hack-CVE/CVE-2022-44020) +- [Live-Hack-CVE/CVE-2022-44048](https://github.com/Live-Hack-CVE/CVE-2022-44048) -### CVE-2022-44038 (2022-11-28) +### CVE-2022-44049 (2022-11-07) -Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. +The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44038](https://github.com/Live-Hack-CVE/CVE-2022-44038) +- [Live-Hack-CVE/CVE-2022-44049](https://github.com/Live-Hack-CVE/CVE-2022-44049) -### CVE-2022-44096 (2022-11-29) +### CVE-2022-44050 (2022-11-07) -Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. +The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44096](https://github.com/Live-Hack-CVE/CVE-2022-44096) +- [Live-Hack-CVE/CVE-2022-44050](https://github.com/Live-Hack-CVE/CVE-2022-44050) -### CVE-2022-44097 (2022-11-29) +### CVE-2022-44051 (2022-11-07) -Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. +The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44097](https://github.com/Live-Hack-CVE/CVE-2022-44097) +- [Live-Hack-CVE/CVE-2022-44051](https://github.com/Live-Hack-CVE/CVE-2022-44051) -### CVE-2022-44117 (2022-11-23) +### CVE-2022-44052 (2022-11-07) -Boa 0.94.14rc21 is vulnerable to SQL Injection via username. +The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44117](https://github.com/Live-Hack-CVE/CVE-2022-44117) +- [Live-Hack-CVE/CVE-2022-44052](https://github.com/Live-Hack-CVE/CVE-2022-44052) -### CVE-2022-44118 (2022-11-23) +### CVE-2022-44053 (2022-11-07) -dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. +The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44118](https://github.com/Live-Hack-CVE/CVE-2022-44118) +- [Live-Hack-CVE/CVE-2022-44053](https://github.com/Live-Hack-CVE/CVE-2022-44053) -### CVE-2022-44120 (2022-11-23) +### CVE-2022-44054 (2022-11-07) -dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. +The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. -- [Live-Hack-CVE/CVE-2022-44120](https://github.com/Live-Hack-CVE/CVE-2022-44120) +- [Live-Hack-CVE/CVE-2022-44054](https://github.com/Live-Hack-CVE/CVE-2022-44054) -### CVE-2022-44136 (2022-11-30) +### CVE-2022-44069 (2022-11-16) -Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). +Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. -- [Live-Hack-CVE/CVE-2022-44136](https://github.com/Live-Hack-CVE/CVE-2022-44136) +- [Live-Hack-CVE/CVE-2022-44069](https://github.com/Live-Hack-CVE/CVE-2022-44069) -### CVE-2022-44139 (2022-11-23) +### CVE-2022-44070 (2022-11-16) -Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. +Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. -- [Live-Hack-CVE/CVE-2022-44139](https://github.com/Live-Hack-CVE/CVE-2022-44139) +- [Live-Hack-CVE/CVE-2022-44070](https://github.com/Live-Hack-CVE/CVE-2022-44070) -### CVE-2022-44140 (2022-11-23) +### CVE-2022-44071 (2022-11-16) -Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. +Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. -- [Live-Hack-CVE/CVE-2022-44140](https://github.com/Live-Hack-CVE/CVE-2022-44140) +- [Live-Hack-CVE/CVE-2022-44071](https://github.com/Live-Hack-CVE/CVE-2022-44071) -### CVE-2022-44151 (2022-11-30) +### CVE-2022-44073 (2022-11-16) -Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. +Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. -- [Live-Hack-CVE/CVE-2022-44151](https://github.com/Live-Hack-CVE/CVE-2022-44151) +- [Live-Hack-CVE/CVE-2022-44073](https://github.com/Live-Hack-CVE/CVE-2022-44073) -### CVE-2022-44156 (2022-11-21) +### CVE-2022-44087 (2022-11-10) -Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. +ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. -- [Live-Hack-CVE/CVE-2022-44156](https://github.com/Live-Hack-CVE/CVE-2022-44156) +- [Live-Hack-CVE/CVE-2022-44087](https://github.com/Live-Hack-CVE/CVE-2022-44087) -### CVE-2022-44158 (2022-11-21) +### CVE-2022-44088 (2022-11-10) -Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. +ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. -- [Live-Hack-CVE/CVE-2022-44158](https://github.com/Live-Hack-CVE/CVE-2022-44158) +- [Live-Hack-CVE/CVE-2022-44088](https://github.com/Live-Hack-CVE/CVE-2022-44088) -### CVE-2022-44163 (2022-11-21) +### CVE-2022-44089 (2022-11-10) -Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. +ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. -- [Live-Hack-CVE/CVE-2022-44163](https://github.com/Live-Hack-CVE/CVE-2022-44163) +- [Live-Hack-CVE/CVE-2022-44089](https://github.com/Live-Hack-CVE/CVE-2022-44089) -### CVE-2022-44167 (2022-11-21) +### CVE-2022-44244 (2022-11-09) -Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. +An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. -- [Live-Hack-CVE/CVE-2022-44167](https://github.com/Live-Hack-CVE/CVE-2022-44167) +- [Live-Hack-CVE/CVE-2022-44244](https://github.com/Live-Hack-CVE/CVE-2022-44244) -### CVE-2022-44168 (2022-11-21) +### CVE-2022-44311 (2022-11-08) -Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. +html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. -- [Live-Hack-CVE/CVE-2022-44168](https://github.com/Live-Hack-CVE/CVE-2022-44168) +- [Live-Hack-CVE/CVE-2022-44311](https://github.com/Live-Hack-CVE/CVE-2022-44311) -### CVE-2022-44169 (2022-11-21) +### CVE-2022-44312 (2022-11-08) -Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. -- [Live-Hack-CVE/CVE-2022-44169](https://github.com/Live-Hack-CVE/CVE-2022-44169) +- [Live-Hack-CVE/CVE-2022-44312](https://github.com/Live-Hack-CVE/CVE-2022-44312) -### CVE-2022-44171 (2022-11-21) +### CVE-2022-44313 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44171](https://github.com/Live-Hack-CVE/CVE-2022-44171) +- [Live-Hack-CVE/CVE-2022-44313](https://github.com/Live-Hack-CVE/CVE-2022-44313) -### CVE-2022-44172 (2022-11-21) +### CVE-2022-44314 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44172](https://github.com/Live-Hack-CVE/CVE-2022-44172) +- [Live-Hack-CVE/CVE-2022-44314](https://github.com/Live-Hack-CVE/CVE-2022-44314) -### CVE-2022-44174 (2022-11-21) +### CVE-2022-44315 (2022-11-08) -Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44174](https://github.com/Live-Hack-CVE/CVE-2022-44174) +- [Live-Hack-CVE/CVE-2022-44315](https://github.com/Live-Hack-CVE/CVE-2022-44315) -### CVE-2022-44175 (2022-11-21) +### CVE-2022-44316 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. -- [Live-Hack-CVE/CVE-2022-44175](https://github.com/Live-Hack-CVE/CVE-2022-44175) +- [Live-Hack-CVE/CVE-2022-44316](https://github.com/Live-Hack-CVE/CVE-2022-44316) -### CVE-2022-44176 (2022-11-21) +### CVE-2022-44317 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44176](https://github.com/Live-Hack-CVE/CVE-2022-44176) +- [Live-Hack-CVE/CVE-2022-44317](https://github.com/Live-Hack-CVE/CVE-2022-44317) -### CVE-2022-44177 (2022-11-21) +### CVE-2022-44318 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44177](https://github.com/Live-Hack-CVE/CVE-2022-44177) +- [Live-Hack-CVE/CVE-2022-44318](https://github.com/Live-Hack-CVE/CVE-2022-44318) -### CVE-2022-44178 (2022-11-21) +### CVE-2022-44319 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44178](https://github.com/Live-Hack-CVE/CVE-2022-44178) +- [Live-Hack-CVE/CVE-2022-44319](https://github.com/Live-Hack-CVE/CVE-2022-44319) -### CVE-2022-44180 (2022-11-21) +### CVE-2022-44320 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. -- [Live-Hack-CVE/CVE-2022-44180](https://github.com/Live-Hack-CVE/CVE-2022-44180) +- [Live-Hack-CVE/CVE-2022-44320](https://github.com/Live-Hack-CVE/CVE-2022-44320) -### CVE-2022-44183 (2022-11-21) +### CVE-2022-44321 (2022-11-08) -Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. +PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. -- [Live-Hack-CVE/CVE-2022-44183](https://github.com/Live-Hack-CVE/CVE-2022-44183) - -### CVE-2022-44184 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. - - -- [Live-Hack-CVE/CVE-2022-44184](https://github.com/Live-Hack-CVE/CVE-2022-44184) - -### CVE-2022-44186 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. - - -- [Live-Hack-CVE/CVE-2022-44186](https://github.com/Live-Hack-CVE/CVE-2022-44186) - -### CVE-2022-44187 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. - - -- [Live-Hack-CVE/CVE-2022-44187](https://github.com/Live-Hack-CVE/CVE-2022-44187) - -### CVE-2022-44188 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. - - -- [Live-Hack-CVE/CVE-2022-44188](https://github.com/Live-Hack-CVE/CVE-2022-44188) - -### CVE-2022-44190 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. - - -- [Live-Hack-CVE/CVE-2022-44190](https://github.com/Live-Hack-CVE/CVE-2022-44190) - -### CVE-2022-44191 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. - - -- [Live-Hack-CVE/CVE-2022-44191](https://github.com/Live-Hack-CVE/CVE-2022-44191) - -### CVE-2022-44193 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. - - -- [Live-Hack-CVE/CVE-2022-44193](https://github.com/Live-Hack-CVE/CVE-2022-44193) - -### CVE-2022-44194 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. - - -- [Live-Hack-CVE/CVE-2022-44194](https://github.com/Live-Hack-CVE/CVE-2022-44194) - -### CVE-2022-44196 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. - - -- [Live-Hack-CVE/CVE-2022-44196](https://github.com/Live-Hack-CVE/CVE-2022-44196) - -### CVE-2022-44197 (2022-11-22) - - -Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. - - -- [Live-Hack-CVE/CVE-2022-44197](https://github.com/Live-Hack-CVE/CVE-2022-44197) - -### CVE-2022-44198 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. - - -- [Live-Hack-CVE/CVE-2022-44198](https://github.com/Live-Hack-CVE/CVE-2022-44198) - -### CVE-2022-44199 (2022-11-22) - - -Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. - - -- [Live-Hack-CVE/CVE-2022-44199](https://github.com/Live-Hack-CVE/CVE-2022-44199) - -### CVE-2022-44200 (2022-11-22) - - -Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. - - -- [Live-Hack-CVE/CVE-2022-44200](https://github.com/Live-Hack-CVE/CVE-2022-44200) - -### CVE-2022-44201 (2022-11-22) - - -D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. - - -- [Live-Hack-CVE/CVE-2022-44201](https://github.com/Live-Hack-CVE/CVE-2022-44201) - -### CVE-2022-44202 (2022-11-22) - - -D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. - - -- [Live-Hack-CVE/CVE-2022-44202](https://github.com/Live-Hack-CVE/CVE-2022-44202) - -### CVE-2022-44204 (2022-11-18) - - -D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. - - -- [Live-Hack-CVE/CVE-2022-44204](https://github.com/Live-Hack-CVE/CVE-2022-44204) - -### CVE-2022-44250 (2022-11-23) - - -TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. - - -- [Live-Hack-CVE/CVE-2022-44250](https://github.com/Live-Hack-CVE/CVE-2022-44250) - -### CVE-2022-44251 (2022-11-23) - - -TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. - - -- [Live-Hack-CVE/CVE-2022-44251](https://github.com/Live-Hack-CVE/CVE-2022-44251) - -### CVE-2022-44252 (2022-11-23) - - -TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. - - -- [Live-Hack-CVE/CVE-2022-44252](https://github.com/Live-Hack-CVE/CVE-2022-44252) - -### CVE-2022-44253 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. - - -- [Live-Hack-CVE/CVE-2022-44253](https://github.com/Live-Hack-CVE/CVE-2022-44253) - -### CVE-2022-44254 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. - - -- [Live-Hack-CVE/CVE-2022-44254](https://github.com/Live-Hack-CVE/CVE-2022-44254) - -### CVE-2022-44255 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. - - -- [Live-Hack-CVE/CVE-2022-44255](https://github.com/Live-Hack-CVE/CVE-2022-44255) - -### CVE-2022-44256 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. - - -- [Live-Hack-CVE/CVE-2022-44256](https://github.com/Live-Hack-CVE/CVE-2022-44256) - -### CVE-2022-44257 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. - - -- [Live-Hack-CVE/CVE-2022-44257](https://github.com/Live-Hack-CVE/CVE-2022-44257) - -### CVE-2022-44258 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. - - -- [Live-Hack-CVE/CVE-2022-44258](https://github.com/Live-Hack-CVE/CVE-2022-44258) - -### CVE-2022-44259 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. - - -- [Live-Hack-CVE/CVE-2022-44259](https://github.com/Live-Hack-CVE/CVE-2022-44259) - -### CVE-2022-44260 (2022-11-23) - - -TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. - - -- [Live-Hack-CVE/CVE-2022-44260](https://github.com/Live-Hack-CVE/CVE-2022-44260) - -### CVE-2022-44262 (2022-11-30) - - -ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). - - -- [Live-Hack-CVE/CVE-2022-44262](https://github.com/Live-Hack-CVE/CVE-2022-44262) - -### CVE-2022-44277 (2022-12-02) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. - - -- [Live-Hack-CVE/CVE-2022-44277](https://github.com/Live-Hack-CVE/CVE-2022-44277) - -### CVE-2022-44278 (2022-11-23) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. - - -- [Live-Hack-CVE/CVE-2022-44278](https://github.com/Live-Hack-CVE/CVE-2022-44278) - -### CVE-2022-44279 (2022-11-29) - - -Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. - - -- [Live-Hack-CVE/CVE-2022-44279](https://github.com/Live-Hack-CVE/CVE-2022-44279) - -### CVE-2022-44280 (2022-11-23) - - -Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. - - -- [Live-Hack-CVE/CVE-2022-44280](https://github.com/Live-Hack-CVE/CVE-2022-44280) - -### CVE-2022-44283 (2022-11-28) - - -AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. - - -- [Live-Hack-CVE/CVE-2022-44283](https://github.com/Live-Hack-CVE/CVE-2022-44283) - -### CVE-2022-44284 (2022-11-28) - - -Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). - - -- [Live-Hack-CVE/CVE-2022-44284](https://github.com/Live-Hack-CVE/CVE-2022-44284) - -### CVE-2022-44294 (2022-11-30) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=. - - -- [Live-Hack-CVE/CVE-2022-44294](https://github.com/Live-Hack-CVE/CVE-2022-44294) - -### CVE-2022-44295 (2022-11-30) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=. - - -- [Live-Hack-CVE/CVE-2022-44295](https://github.com/Live-Hack-CVE/CVE-2022-44295) - -### CVE-2022-44296 (2022-11-30) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=. - - -- [Live-Hack-CVE/CVE-2022-44296](https://github.com/Live-Hack-CVE/CVE-2022-44296) - -### CVE-2022-44345 (2022-12-02) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. - - -- [Live-Hack-CVE/CVE-2022-44345](https://github.com/Live-Hack-CVE/CVE-2022-44345) - -### CVE-2022-44347 (2022-12-02) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. - - -- [Live-Hack-CVE/CVE-2022-44347](https://github.com/Live-Hack-CVE/CVE-2022-44347) - -### CVE-2022-44348 (2022-12-02) - - -Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. - - -- [Live-Hack-CVE/CVE-2022-44348](https://github.com/Live-Hack-CVE/CVE-2022-44348) - -### CVE-2022-44354 (2022-11-29) - - -SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. - - -- [Live-Hack-CVE/CVE-2022-44354](https://github.com/Live-Hack-CVE/CVE-2022-44354) - -### CVE-2022-44355 (2022-11-29) - - -SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. - - -- [Live-Hack-CVE/CVE-2022-44355](https://github.com/Live-Hack-CVE/CVE-2022-44355) - -### CVE-2022-44356 (2022-11-29) - - -WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. - - -- [Live-Hack-CVE/CVE-2022-44356](https://github.com/Live-Hack-CVE/CVE-2022-44356) - -### CVE-2022-44362 (2022-12-02) - - -Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. - - -- [Live-Hack-CVE/CVE-2022-44362](https://github.com/Live-Hack-CVE/CVE-2022-44362) - -### CVE-2022-44363 (2022-12-02) - - -Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. - - -- [Live-Hack-CVE/CVE-2022-44363](https://github.com/Live-Hack-CVE/CVE-2022-44363) - -### CVE-2022-44365 (2022-12-02) - - -Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. - - -- [Live-Hack-CVE/CVE-2022-44365](https://github.com/Live-Hack-CVE/CVE-2022-44365) - -### CVE-2022-44366 (2022-12-02) - - -Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. - - -- [Live-Hack-CVE/CVE-2022-44366](https://github.com/Live-Hack-CVE/CVE-2022-44366) - -### CVE-2022-44367 (2022-12-02) - - -Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. - - -- [Live-Hack-CVE/CVE-2022-44367](https://github.com/Live-Hack-CVE/CVE-2022-44367) +- [Live-Hack-CVE/CVE-2022-44321](https://github.com/Live-Hack-CVE/CVE-2022-44321) ### CVE-2022-44378 (2022-11-18) @@ -9319,37 +10064,53 @@ Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/ - [Live-Hack-CVE/CVE-2022-44379](https://github.com/Live-Hack-CVE/CVE-2022-44379) -### CVE-2022-44399 (2022-11-28) +### CVE-2022-44384 (2022-11-17) -Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. +An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. -- [Live-Hack-CVE/CVE-2022-44399](https://github.com/Live-Hack-CVE/CVE-2022-44399) +- [Live-Hack-CVE/CVE-2022-44384](https://github.com/Live-Hack-CVE/CVE-2022-44384) -### CVE-2022-44400 (2022-11-28) +### CVE-2022-44387 (2022-11-14) -Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. +EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. -- [Live-Hack-CVE/CVE-2022-44400](https://github.com/Live-Hack-CVE/CVE-2022-44400) +- [Live-Hack-CVE/CVE-2022-44387](https://github.com/Live-Hack-CVE/CVE-2022-44387) -### CVE-2022-44401 (2022-11-28) +### CVE-2022-44389 (2022-11-14) -Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. +EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. -- [Live-Hack-CVE/CVE-2022-44401](https://github.com/Live-Hack-CVE/CVE-2022-44401) +- [Live-Hack-CVE/CVE-2022-44389](https://github.com/Live-Hack-CVE/CVE-2022-44389) -### CVE-2022-44411 (2022-11-25) +### CVE-2022-44390 (2022-11-14) -Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. +A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. -- [Live-Hack-CVE/CVE-2022-44411](https://github.com/Live-Hack-CVE/CVE-2022-44411) +- [Live-Hack-CVE/CVE-2022-44390](https://github.com/Live-Hack-CVE/CVE-2022-44390) + +### CVE-2022-44402 (2022-11-17) + + +Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. + + +- [Live-Hack-CVE/CVE-2022-44402](https://github.com/Live-Hack-CVE/CVE-2022-44402) + +### CVE-2022-44403 (2022-11-17) + + +Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. + + +- [Live-Hack-CVE/CVE-2022-44403](https://github.com/Live-Hack-CVE/CVE-2022-44403) ### CVE-2022-44413 (2022-11-18) @@ -9375,6 +10136,142 @@ Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/ - [Live-Hack-CVE/CVE-2022-44415](https://github.com/Live-Hack-CVE/CVE-2022-44415) +### CVE-2022-44544 (2022-11-06) + + +Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. + + +- [Live-Hack-CVE/CVE-2022-44544](https://github.com/Live-Hack-CVE/CVE-2022-44544) + +### CVE-2022-44546 (2022-11-09) + + +The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. + + +- [Live-Hack-CVE/CVE-2022-44546](https://github.com/Live-Hack-CVE/CVE-2022-44546) + +### CVE-2022-44547 (2022-11-09) + + +The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. + + +- [Live-Hack-CVE/CVE-2022-44547](https://github.com/Live-Hack-CVE/CVE-2022-44547) + +### CVE-2022-44548 (2022-11-09) + + +There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. + + +- [Live-Hack-CVE/CVE-2022-44548](https://github.com/Live-Hack-CVE/CVE-2022-44548) + +### CVE-2022-44550 (2022-11-09) + + +The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. + + +- [Live-Hack-CVE/CVE-2022-44550](https://github.com/Live-Hack-CVE/CVE-2022-44550) + +### CVE-2022-44551 (2022-11-09) + + +The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. + + +- [Live-Hack-CVE/CVE-2022-44551](https://github.com/Live-Hack-CVE/CVE-2022-44551) + +### CVE-2022-44552 (2022-11-09) + + +The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. + + +- [Live-Hack-CVE/CVE-2022-44552](https://github.com/Live-Hack-CVE/CVE-2022-44552) + +### CVE-2022-44553 (2022-11-09) + + +The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. + + +- [Live-Hack-CVE/CVE-2022-44553](https://github.com/Live-Hack-CVE/CVE-2022-44553) + +### CVE-2022-44554 (2022-11-09) + + +The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. + + +- [Live-Hack-CVE/CVE-2022-44554](https://github.com/Live-Hack-CVE/CVE-2022-44554) + +### CVE-2022-44555 (2022-11-09) + + +The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. + + +- [Live-Hack-CVE/CVE-2022-44555](https://github.com/Live-Hack-CVE/CVE-2022-44555) + +### CVE-2022-44557 (2022-11-09) + + +The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. + + +- [Live-Hack-CVE/CVE-2022-44557](https://github.com/Live-Hack-CVE/CVE-2022-44557) + +### CVE-2022-44558 (2022-11-09) + + +The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. + + +- [Live-Hack-CVE/CVE-2022-44558](https://github.com/Live-Hack-CVE/CVE-2022-44558) + +### CVE-2022-44559 (2022-11-09) + + +The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. + + +- [Live-Hack-CVE/CVE-2022-44559](https://github.com/Live-Hack-CVE/CVE-2022-44559) + +### CVE-2022-44560 (2022-11-09) + + +The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. + + +- [Live-Hack-CVE/CVE-2022-44560](https://github.com/Live-Hack-CVE/CVE-2022-44560) + +### CVE-2022-44561 (2022-11-09) + + +The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. + + +- [Live-Hack-CVE/CVE-2022-44561](https://github.com/Live-Hack-CVE/CVE-2022-44561) + +### CVE-2022-44562 (2022-11-09) + + +The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. + + +- [Live-Hack-CVE/CVE-2022-44562](https://github.com/Live-Hack-CVE/CVE-2022-44562) + +### CVE-2022-44563 (2022-11-09) + + +There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. + + +- [Live-Hack-CVE/CVE-2022-44563](https://github.com/Live-Hack-CVE/CVE-2022-44563) + ### CVE-2022-44583 (2022-11-18) @@ -9391,149 +10288,141 @@ Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.1 - [Live-Hack-CVE/CVE-2022-44584](https://github.com/Live-Hack-CVE/CVE-2022-44584) -### CVE-2022-44634 (2022-11-18) +### CVE-2022-44590 (2022-11-09) -Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. +Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. -- [Live-Hack-CVE/CVE-2022-44634](https://github.com/Live-Hack-CVE/CVE-2022-44634) +- [Live-Hack-CVE/CVE-2022-44590](https://github.com/Live-Hack-CVE/CVE-2022-44590) -### CVE-2022-44635 (2022-11-29) +### CVE-2022-44591 (2022-11-17) -Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1. +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. -- [Live-Hack-CVE/CVE-2022-44635](https://github.com/Live-Hack-CVE/CVE-2022-44635) +- [Live-Hack-CVE/CVE-2022-44591](https://github.com/Live-Hack-CVE/CVE-2022-44591) -### CVE-2022-44641 (2022-11-18) +### CVE-2022-44727 (2022-11-10) -In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. +The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). -- [Live-Hack-CVE/CVE-2022-44641](https://github.com/Live-Hack-CVE/CVE-2022-44641) +- [Live-Hack-CVE/CVE-2022-44727](https://github.com/Live-Hack-CVE/CVE-2022-44727) -### CVE-2022-44725 (2022-11-17) +### CVE-2022-44732 (2022-11-07) -OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). +Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. -- [Live-Hack-CVE/CVE-2022-44725](https://github.com/Live-Hack-CVE/CVE-2022-44725) +- [Live-Hack-CVE/CVE-2022-44732](https://github.com/Live-Hack-CVE/CVE-2022-44732) -### CVE-2022-44737 (2022-11-22) +### CVE-2022-44733 (2022-11-07) -Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. +Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. -- [Live-Hack-CVE/CVE-2022-44737](https://github.com/Live-Hack-CVE/CVE-2022-44737) +- [Live-Hack-CVE/CVE-2022-44733](https://github.com/Live-Hack-CVE/CVE-2022-44733) -### CVE-2022-44740 (2022-11-18) +### CVE-2022-44736 (2022-11-17) -Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. -- [Live-Hack-CVE/CVE-2022-44740](https://github.com/Live-Hack-CVE/CVE-2022-44740) +- [Live-Hack-CVE/CVE-2022-44736](https://github.com/Live-Hack-CVE/CVE-2022-44736) -### CVE-2022-44748 (2022-11-24) +### CVE-2022-44741 (2022-11-08) -A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. +Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. -- [Live-Hack-CVE/CVE-2022-44748](https://github.com/Live-Hack-CVE/CVE-2022-44748) +- [Live-Hack-CVE/CVE-2022-44741](https://github.com/Live-Hack-CVE/CVE-2022-44741) -### CVE-2022-44749 (2022-11-24) +### CVE-2022-44744 (2022-11-07) -A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though. +Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. -- [Live-Hack-CVE/CVE-2022-44749](https://github.com/Live-Hack-CVE/CVE-2022-44749) +- [Live-Hack-CVE/CVE-2022-44744](https://github.com/Live-Hack-CVE/CVE-2022-44744) -### CVE-2022-44784 (2022-11-21) +### CVE-2022-44745 (2022-11-07) -An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis AdminService, which, through the default configuration, should normally be accessible only by the localhost. Nevertheless, by trying to access the mentioned service, both in LFS and DL229, the service can actually be reached even by remote users, allowing creation of arbitrary services on the server side. When an attacker can reach the AdminService, they can use it to instantiate arbitrary services on the server. The exploit procedure is well known and described in Generic AXIS-SSRF exploitation. Basically, the attack consists of writing a JSP page inside the root directory of the web application, through the org.apache.axis.handlers.LogHandler class. +Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. -- [Live-Hack-CVE/CVE-2022-44784](https://github.com/Live-Hack-CVE/CVE-2022-44784) +- [Live-Hack-CVE/CVE-2022-44745](https://github.com/Live-Hack-CVE/CVE-2022-44745) -### CVE-2022-44785 (2022-11-21) +### CVE-2022-44746 (2022-11-07) -An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter. +Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. -- [Live-Hack-CVE/CVE-2022-44785](https://github.com/Live-Hack-CVE/CVE-2022-44785) +- [Live-Hack-CVE/CVE-2022-44746](https://github.com/Live-Hack-CVE/CVE-2022-44746) -### CVE-2022-44786 (2022-11-21) +### CVE-2022-44747 (2022-11-07) -An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. +Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. -- [Live-Hack-CVE/CVE-2022-44786](https://github.com/Live-Hack-CVE/CVE-2022-44786) +- [Live-Hack-CVE/CVE-2022-44747](https://github.com/Live-Hack-CVE/CVE-2022-44747) -### CVE-2022-44787 (2022-11-21) +### CVE-2022-44792 (2022-11-06) -An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. +handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. -- [Live-Hack-CVE/CVE-2022-44787](https://github.com/Live-Hack-CVE/CVE-2022-44787) +- [Live-Hack-CVE/CVE-2022-44792](https://github.com/Live-Hack-CVE/CVE-2022-44792) -### CVE-2022-44788 (2022-11-21) +### CVE-2022-44793 (2022-11-06) -An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login. +handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. -- [Live-Hack-CVE/CVE-2022-44788](https://github.com/Live-Hack-CVE/CVE-2022-44788) +- [Live-Hack-CVE/CVE-2022-44793](https://github.com/Live-Hack-CVE/CVE-2022-44793) -### CVE-2022-44801 (2022-11-22) +### CVE-2022-44794 (2022-11-06) -D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. +An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. -- [Live-Hack-CVE/CVE-2022-44801](https://github.com/Live-Hack-CVE/CVE-2022-44801) +- [Live-Hack-CVE/CVE-2022-44794](https://github.com/Live-Hack-CVE/CVE-2022-44794) -### CVE-2022-44804 (2022-11-22) +### CVE-2022-44795 (2022-11-06) -D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. +An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. -- [Live-Hack-CVE/CVE-2022-44804](https://github.com/Live-Hack-CVE/CVE-2022-44804) +- [Live-Hack-CVE/CVE-2022-44795](https://github.com/Live-Hack-CVE/CVE-2022-44795) -### CVE-2022-44806 (2022-11-22) +### CVE-2022-44796 (2022-11-06) -D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. +An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611. -- [Live-Hack-CVE/CVE-2022-44806](https://github.com/Live-Hack-CVE/CVE-2022-44806) +- [Live-Hack-CVE/CVE-2022-44796](https://github.com/Live-Hack-CVE/CVE-2022-44796) -### CVE-2022-44807 (2022-11-22) +### CVE-2022-44797 (2022-11-06) -D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. +btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. -- [Live-Hack-CVE/CVE-2022-44807](https://github.com/Live-Hack-CVE/CVE-2022-44807) - -### CVE-2022-44808 (2022-11-22) - - -A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. - - -- [Live-Hack-CVE/CVE-2022-44808](https://github.com/Live-Hack-CVE/CVE-2022-44808) +- [Live-Hack-CVE/CVE-2022-44797](https://github.com/Live-Hack-CVE/CVE-2022-44797) ### CVE-2022-44820 (2022-11-18) @@ -9543,616 +10432,157 @@ Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/ - [Live-Hack-CVE/CVE-2022-44820](https://github.com/Live-Hack-CVE/CVE-2022-44820) -### CVE-2022-44830 (2022-11-21) +### CVE-2022-45047 (2022-11-16) -Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. +Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. -- [Live-Hack-CVE/CVE-2022-44830](https://github.com/Live-Hack-CVE/CVE-2022-44830) +- [Live-Hack-CVE/CVE-2022-45047](https://github.com/Live-Hack-CVE/CVE-2022-45047) -### CVE-2022-44843 (2022-11-25) +### CVE-2022-45066 (2022-11-17) -TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. +Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. -- [Live-Hack-CVE/CVE-2022-44843](https://github.com/Live-Hack-CVE/CVE-2022-44843) +- [Live-Hack-CVE/CVE-2022-45066](https://github.com/Live-Hack-CVE/CVE-2022-45066) -### CVE-2022-44844 (2022-11-25) +### CVE-2022-45069 (2022-11-17) -TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. +Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. -- [Live-Hack-CVE/CVE-2022-44844](https://github.com/Live-Hack-CVE/CVE-2022-44844) +- [Live-Hack-CVE/CVE-2022-45069](https://github.com/Live-Hack-CVE/CVE-2022-45069) -### CVE-2022-44858 (2022-11-25) +### CVE-2022-45077 (2022-11-17) -Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. +Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. -- [Live-Hack-CVE/CVE-2022-44858](https://github.com/Live-Hack-CVE/CVE-2022-44858) +- [Live-Hack-CVE/CVE-2022-45077](https://github.com/Live-Hack-CVE/CVE-2022-45077) -### CVE-2022-44859 (2022-11-25) +### CVE-2022-45129 (2022-11-10) -Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. +Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. -- [Live-Hack-CVE/CVE-2022-44859](https://github.com/Live-Hack-CVE/CVE-2022-44859) +- [Live-Hack-CVE/CVE-2022-45129](https://github.com/Live-Hack-CVE/CVE-2022-45129) -### CVE-2022-44860 (2022-11-25) +### CVE-2022-45130 (2022-11-10) -Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. +Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. -- [Live-Hack-CVE/CVE-2022-44860](https://github.com/Live-Hack-CVE/CVE-2022-44860) +- [Live-Hack-CVE/CVE-2022-45130](https://github.com/Live-Hack-CVE/CVE-2022-45130) -### CVE-2022-44870 -- [Cedric1314/CVE-2022-44870](https://github.com/Cedric1314/CVE-2022-44870) - -### CVE-2022-44928 (2022-12-01) - - -D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. - - -- [Live-Hack-CVE/CVE-2022-44928](https://github.com/Live-Hack-CVE/CVE-2022-44928) - -### CVE-2022-44929 (2022-12-01) - - -An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. - - -- [Live-Hack-CVE/CVE-2022-44929](https://github.com/Live-Hack-CVE/CVE-2022-44929) - -### CVE-2022-44930 (2022-12-01) - - -D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. - - -- [Live-Hack-CVE/CVE-2022-44930](https://github.com/Live-Hack-CVE/CVE-2022-44930) - -### CVE-2022-44937 (2022-11-28) - - -Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. - - -- [Live-Hack-CVE/CVE-2022-44937](https://github.com/Live-Hack-CVE/CVE-2022-44937) - -### CVE-2022-44944 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. - - -- [Live-Hack-CVE/CVE-2022-44944](https://github.com/Live-Hack-CVE/CVE-2022-44944) - -### CVE-2022-44946 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. - - -- [Live-Hack-CVE/CVE-2022-44946](https://github.com/Live-Hack-CVE/CVE-2022-44946) - -### CVE-2022-44947 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". - - -- [Live-Hack-CVE/CVE-2022-44947](https://github.com/Live-Hack-CVE/CVE-2022-44947) - -### CVE-2022-44948 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". - - -- [Live-Hack-CVE/CVE-2022-44948](https://github.com/Live-Hack-CVE/CVE-2022-44948) - -### CVE-2022-44949 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. - - -- [Live-Hack-CVE/CVE-2022-44949](https://github.com/Live-Hack-CVE/CVE-2022-44949) - -### CVE-2022-44950 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. - - -- [Live-Hack-CVE/CVE-2022-44950](https://github.com/Live-Hack-CVE/CVE-2022-44950) - -### CVE-2022-44951 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. - - -- [Live-Hack-CVE/CVE-2022-44951](https://github.com/Live-Hack-CVE/CVE-2022-44951) - -### CVE-2022-44952 (2022-12-02) - - -Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". - - -- [Live-Hack-CVE/CVE-2022-44952](https://github.com/Live-Hack-CVE/CVE-2022-44952) - -### CVE-2022-44961 (2022-12-02) - - -webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. - - -- [Live-Hack-CVE/CVE-2022-44961](https://github.com/Live-Hack-CVE/CVE-2022-44961) - -### CVE-2022-44962 (2022-12-02) - - -webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. - - -- [Live-Hack-CVE/CVE-2022-44962](https://github.com/Live-Hack-CVE/CVE-2022-44962) - -### CVE-2022-45012 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. - - -- [Live-Hack-CVE/CVE-2022-45012](https://github.com/Live-Hack-CVE/CVE-2022-45012) - -### CVE-2022-45013 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. - - -- [Live-Hack-CVE/CVE-2022-45013](https://github.com/Live-Hack-CVE/CVE-2022-45013) - -### CVE-2022-45014 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. - - -- [Live-Hack-CVE/CVE-2022-45014](https://github.com/Live-Hack-CVE/CVE-2022-45014) - -### CVE-2022-45015 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. - - -- [Live-Hack-CVE/CVE-2022-45015](https://github.com/Live-Hack-CVE/CVE-2022-45015) - -### CVE-2022-45016 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. - - -- [Live-Hack-CVE/CVE-2022-45016](https://github.com/Live-Hack-CVE/CVE-2022-45016) - -### CVE-2022-45017 (2022-11-21) - - -A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. - - -- [Live-Hack-CVE/CVE-2022-45017](https://github.com/Live-Hack-CVE/CVE-2022-45017) - -### CVE-2022-45036 (2022-11-25) - - -A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. - - -- [Live-Hack-CVE/CVE-2022-45036](https://github.com/Live-Hack-CVE/CVE-2022-45036) - -### CVE-2022-45037 (2022-11-25) - - -A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. - - -- [Live-Hack-CVE/CVE-2022-45037](https://github.com/Live-Hack-CVE/CVE-2022-45037) - -### CVE-2022-45038 (2022-11-25) - - -A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. - - -- [Live-Hack-CVE/CVE-2022-45038](https://github.com/Live-Hack-CVE/CVE-2022-45038) - -### CVE-2022-45039 (2022-11-25) - - -An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. - - -- [Live-Hack-CVE/CVE-2022-45039](https://github.com/Live-Hack-CVE/CVE-2022-45039) - -### CVE-2022-45040 (2022-11-25) - - -A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. - - -- [Live-Hack-CVE/CVE-2022-45040](https://github.com/Live-Hack-CVE/CVE-2022-45040) - -### CVE-2022-45050 (2022-12-01) - - -A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability. - - -- [Live-Hack-CVE/CVE-2022-45050](https://github.com/Live-Hack-CVE/CVE-2022-45050) - -### CVE-2022-45059 (2022-11-09) - - -An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. - - -- [Live-Hack-CVE/CVE-2022-45059](https://github.com/Live-Hack-CVE/CVE-2022-45059) - -### CVE-2022-45060 (2022-11-09) - - -An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. - - -- [Live-Hack-CVE/CVE-2022-45060](https://github.com/Live-Hack-CVE/CVE-2022-45060) - -### CVE-2022-45063 (2022-11-10) - - -xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. - - -- [Live-Hack-CVE/CVE-2022-45063](https://github.com/Live-Hack-CVE/CVE-2022-45063) - -### CVE-2022-45071 (2022-11-17) - - -Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-45071](https://github.com/Live-Hack-CVE/CVE-2022-45071) - -### CVE-2022-45072 (2022-11-17) - - -Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-45072](https://github.com/Live-Hack-CVE/CVE-2022-45072) - -### CVE-2022-45073 (2022-11-18) - - -Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. - - -- [Live-Hack-CVE/CVE-2022-45073](https://github.com/Live-Hack-CVE/CVE-2022-45073) - -### CVE-2022-45082 (2022-11-18) - - -Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. - - -- [Live-Hack-CVE/CVE-2022-45082](https://github.com/Live-Hack-CVE/CVE-2022-45082) - -### CVE-2022-45132 (2022-11-18) - - -In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. - - -- [Live-Hack-CVE/CVE-2022-45132](https://github.com/Live-Hack-CVE/CVE-2022-45132) - -### CVE-2022-45146 (2022-11-21) - - -An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. - - -- [Live-Hack-CVE/CVE-2022-45146](https://github.com/Live-Hack-CVE/CVE-2022-45146) - -### CVE-2022-45163 (2022-11-18) - - -An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) - - -- [Live-Hack-CVE/CVE-2022-45163](https://github.com/Live-Hack-CVE/CVE-2022-45163) - -### CVE-2022-45198 (2022-11-14) - - -Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). - - -- [Live-Hack-CVE/CVE-2022-45198](https://github.com/Live-Hack-CVE/CVE-2022-45198) - -### CVE-2022-45199 (2022-11-14) - - -Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. - - -- [Live-Hack-CVE/CVE-2022-45199](https://github.com/Live-Hack-CVE/CVE-2022-45199) - -### CVE-2022-45202 (2022-11-28) - - -GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. - - -- [Live-Hack-CVE/CVE-2022-45202](https://github.com/Live-Hack-CVE/CVE-2022-45202) - -### CVE-2022-45204 (2022-11-28) - - -GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. - - -- [Live-Hack-CVE/CVE-2022-45204](https://github.com/Live-Hack-CVE/CVE-2022-45204) - -### CVE-2022-45205 (2022-11-25) - - -Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. - - -- [Live-Hack-CVE/CVE-2022-45205](https://github.com/Live-Hack-CVE/CVE-2022-45205) - -### CVE-2022-45206 (2022-11-25) - - -Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. - - -- [Live-Hack-CVE/CVE-2022-45206](https://github.com/Live-Hack-CVE/CVE-2022-45206) - -### CVE-2022-45207 (2022-11-25) - - -Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. - - -- [Live-Hack-CVE/CVE-2022-45207](https://github.com/Live-Hack-CVE/CVE-2022-45207) - -### CVE-2022-45208 (2022-11-25) - - -Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. - - -- [Live-Hack-CVE/CVE-2022-45208](https://github.com/Live-Hack-CVE/CVE-2022-45208) - -### CVE-2022-45210 (2022-11-25) - - -Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. - - -- [Live-Hack-CVE/CVE-2022-45210](https://github.com/Live-Hack-CVE/CVE-2022-45210) - -### CVE-2022-45214 (2022-11-28) - - -A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. - - -- [Live-Hack-CVE/CVE-2022-45214](https://github.com/Live-Hack-CVE/CVE-2022-45214) - -### CVE-2022-45215 (2022-12-02) - - -A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. - - -- [Live-Hack-CVE/CVE-2022-45215](https://github.com/Live-Hack-CVE/CVE-2022-45215) - -### CVE-2022-45218 (2022-11-25) - - -Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. - - -- [Live-Hack-CVE/CVE-2022-45218](https://github.com/Live-Hack-CVE/CVE-2022-45218) - -### CVE-2022-45221 (2022-11-28) - - -Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. - - -- [Live-Hack-CVE/CVE-2022-45221](https://github.com/Live-Hack-CVE/CVE-2022-45221) - -### CVE-2022-45223 (2022-11-28) - - -Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. - - -- [Live-Hack-CVE/CVE-2022-45223](https://github.com/Live-Hack-CVE/CVE-2022-45223) - -### CVE-2022-45224 (2022-11-28) - - -Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. - - -- [Live-Hack-CVE/CVE-2022-45224](https://github.com/Live-Hack-CVE/CVE-2022-45224) - -### CVE-2022-45225 (2022-11-25) - - -Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. - - -- [Live-Hack-CVE/CVE-2022-45225](https://github.com/Live-Hack-CVE/CVE-2022-45225) - -### CVE-2022-45276 (2022-11-23) - - -An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. - - -- [Live-Hack-CVE/CVE-2022-45276](https://github.com/Live-Hack-CVE/CVE-2022-45276) - -### CVE-2022-45278 (2022-11-23) - - -Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. - - -- [Live-Hack-CVE/CVE-2022-45278](https://github.com/Live-Hack-CVE/CVE-2022-45278) - -### CVE-2022-45280 (2022-11-23) - - -A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. - - -- [Live-Hack-CVE/CVE-2022-45280](https://github.com/Live-Hack-CVE/CVE-2022-45280) - -### CVE-2022-45301 (2022-11-28) - - -Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. - - -- [Live-Hack-CVE/CVE-2022-45301](https://github.com/Live-Hack-CVE/CVE-2022-45301) - -### CVE-2022-45304 (2022-11-28) - - -Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. - - -- [Live-Hack-CVE/CVE-2022-45304](https://github.com/Live-Hack-CVE/CVE-2022-45304) - -### CVE-2022-45305 (2022-11-28) +### CVE-2022-45136 (2022-11-14) -Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. +** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2. -- [Live-Hack-CVE/CVE-2022-45305](https://github.com/Live-Hack-CVE/CVE-2022-45305) +- [Live-Hack-CVE/CVE-2022-45136](https://github.com/Live-Hack-CVE/CVE-2022-45136) -### CVE-2022-45306 (2022-11-28) +### CVE-2022-45182 (2022-11-11) -Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. +Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. -- [Live-Hack-CVE/CVE-2022-45306](https://github.com/Live-Hack-CVE/CVE-2022-45306) +- [Live-Hack-CVE/CVE-2022-45182](https://github.com/Live-Hack-CVE/CVE-2022-45182) -### CVE-2022-45307 (2022-11-28) +### CVE-2022-45183 (2022-11-14) -Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. +Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. -- [Live-Hack-CVE/CVE-2022-45307](https://github.com/Live-Hack-CVE/CVE-2022-45307) +- [Live-Hack-CVE/CVE-2022-45183](https://github.com/Live-Hack-CVE/CVE-2022-45183) -### CVE-2022-45328 (2022-11-29) +### CVE-2022-45184 (2022-11-14) -Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. +The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. -- [Live-Hack-CVE/CVE-2022-45328](https://github.com/Live-Hack-CVE/CVE-2022-45328) +- [Live-Hack-CVE/CVE-2022-45184](https://github.com/Live-Hack-CVE/CVE-2022-45184) -### CVE-2022-45329 (2022-11-28) +### CVE-2022-45188 (2022-11-11) -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. +Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). -- [Live-Hack-CVE/CVE-2022-45329](https://github.com/Live-Hack-CVE/CVE-2022-45329) +- [Live-Hack-CVE/CVE-2022-45188](https://github.com/Live-Hack-CVE/CVE-2022-45188) -### CVE-2022-45330 (2022-11-22) +### CVE-2022-45193 (2022-11-11) -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. +CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. -- [Live-Hack-CVE/CVE-2022-45330](https://github.com/Live-Hack-CVE/CVE-2022-45330) +- [Live-Hack-CVE/CVE-2022-45193](https://github.com/Live-Hack-CVE/CVE-2022-45193) -### CVE-2022-45331 (2022-11-22) +### CVE-2022-45194 (2022-11-11) -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. +CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. -- [Live-Hack-CVE/CVE-2022-45331](https://github.com/Live-Hack-CVE/CVE-2022-45331) +- [Live-Hack-CVE/CVE-2022-45194](https://github.com/Live-Hack-CVE/CVE-2022-45194) -### CVE-2022-45332 (2022-11-29) +### CVE-2022-45195 (2022-11-12) -LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. +SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. -- [Live-Hack-CVE/CVE-2022-45332](https://github.com/Live-Hack-CVE/CVE-2022-45332) +- [Live-Hack-CVE/CVE-2022-45195](https://github.com/Live-Hack-CVE/CVE-2022-45195) -### CVE-2022-45337 (2022-11-29) +### CVE-2022-45196 (2022-11-12) -Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. +Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. -- [Live-Hack-CVE/CVE-2022-45337](https://github.com/Live-Hack-CVE/CVE-2022-45337) +- [Live-Hack-CVE/CVE-2022-45196](https://github.com/Live-Hack-CVE/CVE-2022-45196) -### CVE-2022-45343 (2022-11-29) +### CVE-2022-45375 (2022-11-17) -GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. +Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. -- [Live-Hack-CVE/CVE-2022-45343](https://github.com/Live-Hack-CVE/CVE-2022-45343) +- [Live-Hack-CVE/CVE-2022-45375](https://github.com/Live-Hack-CVE/CVE-2022-45375) -### CVE-2022-45363 (2022-11-22) +### CVE-2022-45379 (2022-11-15) -Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. +Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. -- [Live-Hack-CVE/CVE-2022-45363](https://github.com/Live-Hack-CVE/CVE-2022-45363) +- [Live-Hack-CVE/CVE-2022-45379](https://github.com/Live-Hack-CVE/CVE-2022-45379) -### CVE-2022-45369 (2022-11-18) +### CVE-2022-45380 (2022-11-15) -Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. +Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. -- [Live-Hack-CVE/CVE-2022-45369](https://github.com/Live-Hack-CVE/CVE-2022-45369) +- [Live-Hack-CVE/CVE-2022-45380](https://github.com/Live-Hack-CVE/CVE-2022-45380) -### CVE-2022-45381 (2022-11-15) +### CVE-2022-45382 (2022-11-15) -Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. +Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. -- [Live-Hack-CVE/CVE-2022-45381](https://github.com/Live-Hack-CVE/CVE-2022-45381) +- [Live-Hack-CVE/CVE-2022-45382](https://github.com/Live-Hack-CVE/CVE-2022-45382) ### CVE-2022-45383 (2022-11-15) @@ -10162,6 +10592,94 @@ An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d86 - [Live-Hack-CVE/CVE-2022-45383](https://github.com/Live-Hack-CVE/CVE-2022-45383) +### CVE-2022-45384 (2022-11-15) + + +Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. + + +- [Live-Hack-CVE/CVE-2022-45384](https://github.com/Live-Hack-CVE/CVE-2022-45384) + +### CVE-2022-45385 (2022-11-15) + + +A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. + + +- [Live-Hack-CVE/CVE-2022-45385](https://github.com/Live-Hack-CVE/CVE-2022-45385) + +### CVE-2022-45386 (2022-11-15) + + +Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. + + +- [Live-Hack-CVE/CVE-2022-45386](https://github.com/Live-Hack-CVE/CVE-2022-45386) + +### CVE-2022-45387 (2022-11-15) + + +Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. + + +- [Live-Hack-CVE/CVE-2022-45387](https://github.com/Live-Hack-CVE/CVE-2022-45387) + +### CVE-2022-45388 (2022-11-15) + + +Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. + + +- [Live-Hack-CVE/CVE-2022-45388](https://github.com/Live-Hack-CVE/CVE-2022-45388) + +### CVE-2022-45389 (2022-11-15) + + +A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. + + +- [Live-Hack-CVE/CVE-2022-45389](https://github.com/Live-Hack-CVE/CVE-2022-45389) + +### CVE-2022-45390 (2022-11-15) + + +A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. + + +- [Live-Hack-CVE/CVE-2022-45390](https://github.com/Live-Hack-CVE/CVE-2022-45390) + +### CVE-2022-45391 (2022-11-15) + + +Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. + + +- [Live-Hack-CVE/CVE-2022-45391](https://github.com/Live-Hack-CVE/CVE-2022-45391) + +### CVE-2022-45392 (2022-11-15) + + +Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. + + +- [Live-Hack-CVE/CVE-2022-45392](https://github.com/Live-Hack-CVE/CVE-2022-45392) + +### CVE-2022-45393 (2022-11-15) + + +A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. + + +- [Live-Hack-CVE/CVE-2022-45393](https://github.com/Live-Hack-CVE/CVE-2022-45393) + +### CVE-2022-45394 (2022-11-15) + + +A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. + + +- [Live-Hack-CVE/CVE-2022-45394](https://github.com/Live-Hack-CVE/CVE-2022-45394) + ### CVE-2022-45395 (2022-11-15) @@ -10186,6 +10704,22 @@ Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not confi - [Live-Hack-CVE/CVE-2022-45397](https://github.com/Live-Hack-CVE/CVE-2022-45397) +### CVE-2022-45398 (2022-11-15) + + +A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. + + +- [Live-Hack-CVE/CVE-2022-45398](https://github.com/Live-Hack-CVE/CVE-2022-45398) + +### CVE-2022-45399 (2022-11-15) + + +A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. + + +- [Live-Hack-CVE/CVE-2022-45399](https://github.com/Live-Hack-CVE/CVE-2022-45399) + ### CVE-2022-45400 (2022-11-15) @@ -10194,21 +10728,21 @@ Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to preven - [Live-Hack-CVE/CVE-2022-45400](https://github.com/Live-Hack-CVE/CVE-2022-45400) -### CVE-2022-45422 (2022-11-21) +### CVE-2022-45401 (2022-11-15) -When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. +Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. -- [Live-Hack-CVE/CVE-2022-45422](https://github.com/Live-Hack-CVE/CVE-2022-45422) +- [Live-Hack-CVE/CVE-2022-45401](https://github.com/Live-Hack-CVE/CVE-2022-45401) -### CVE-2022-45442 (2022-11-28) +### CVE-2022-45402 (2022-11-15) -Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. +In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. -- [Live-Hack-CVE/CVE-2022-45442](https://github.com/Live-Hack-CVE/CVE-2022-45442) +- [Live-Hack-CVE/CVE-2022-45402](https://github.com/Live-Hack-CVE/CVE-2022-45402) ### CVE-2022-45461 (2022-11-17) @@ -10218,558 +10752,6 @@ The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas pro - [Live-Hack-CVE/CVE-2022-45461](https://github.com/Live-Hack-CVE/CVE-2022-45461) -### CVE-2022-45462 (2022-11-23) - - -Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher - - -- [Live-Hack-CVE/CVE-2022-45462](https://github.com/Live-Hack-CVE/CVE-2022-45462) - -### CVE-2022-45470 (2022-11-21) - - -** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. - - -- [Live-Hack-CVE/CVE-2022-45470](https://github.com/Live-Hack-CVE/CVE-2022-45470) - -### CVE-2022-45471 (2022-11-18) - - -In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address - - -- [Live-Hack-CVE/CVE-2022-45471](https://github.com/Live-Hack-CVE/CVE-2022-45471) - -### CVE-2022-45472 (2022-11-23) - - -CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. - - -- [Live-Hack-CVE/CVE-2022-45472](https://github.com/Live-Hack-CVE/CVE-2022-45472) - -### CVE-2022-45473 (2022-11-18) - - -In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. - - -- [Live-Hack-CVE/CVE-2022-45473](https://github.com/Live-Hack-CVE/CVE-2022-45473) - -### CVE-2022-45474 (2022-11-18) - - -drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. - - -- [Live-Hack-CVE/CVE-2022-45474](https://github.com/Live-Hack-CVE/CVE-2022-45474) - -### CVE-2022-45475 (2022-11-25) - - -Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. - - -- [Live-Hack-CVE/CVE-2022-45475](https://github.com/Live-Hack-CVE/CVE-2022-45475) - -### CVE-2022-45476 (2022-11-25) - - -Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. - - -- [Live-Hack-CVE/CVE-2022-45476](https://github.com/Live-Hack-CVE/CVE-2022-45476) - -### CVE-2022-45480 (2022-12-02) - - -PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - - -- [Live-Hack-CVE/CVE-2022-45480](https://github.com/Live-Hack-CVE/CVE-2022-45480) - -### CVE-2022-45482 (2022-12-02) - - -Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - - -- [Live-Hack-CVE/CVE-2022-45482](https://github.com/Live-Hack-CVE/CVE-2022-45482) - -### CVE-2022-45483 (2022-12-02) - - -Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - - -- [Live-Hack-CVE/CVE-2022-45483](https://github.com/Live-Hack-CVE/CVE-2022-45483) - -### CVE-2022-45529 (2022-11-22) - - -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. - - -- [Live-Hack-CVE/CVE-2022-45529](https://github.com/Live-Hack-CVE/CVE-2022-45529) - -### CVE-2022-45535 (2022-11-22) - - -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. - - -- [Live-Hack-CVE/CVE-2022-45535](https://github.com/Live-Hack-CVE/CVE-2022-45535) - -### CVE-2022-45536 (2022-11-22) - - -AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. - - -- [Live-Hack-CVE/CVE-2022-45536](https://github.com/Live-Hack-CVE/CVE-2022-45536) - -### CVE-2022-45562 (2022-12-01) - - -Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. - - -- [Live-Hack-CVE/CVE-2022-45562](https://github.com/Live-Hack-CVE/CVE-2022-45562) - -### CVE-2022-45640 (2022-11-30) - - -Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). - - -- [Live-Hack-CVE/CVE-2022-45640](https://github.com/Live-Hack-CVE/CVE-2022-45640) - -### CVE-2022-45641 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. - - -- [Live-Hack-CVE/CVE-2022-45641](https://github.com/Live-Hack-CVE/CVE-2022-45641) - -### CVE-2022-45643 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. - - -- [Live-Hack-CVE/CVE-2022-45643](https://github.com/Live-Hack-CVE/CVE-2022-45643) - -### CVE-2022-45644 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. - - -- [Live-Hack-CVE/CVE-2022-45644](https://github.com/Live-Hack-CVE/CVE-2022-45644) - -### CVE-2022-45645 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. - - -- [Live-Hack-CVE/CVE-2022-45645](https://github.com/Live-Hack-CVE/CVE-2022-45645) - -### CVE-2022-45652 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. - - -- [Live-Hack-CVE/CVE-2022-45652](https://github.com/Live-Hack-CVE/CVE-2022-45652) - -### CVE-2022-45653 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. - - -- [Live-Hack-CVE/CVE-2022-45653](https://github.com/Live-Hack-CVE/CVE-2022-45653) - -### CVE-2022-45654 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. - - -- [Live-Hack-CVE/CVE-2022-45654](https://github.com/Live-Hack-CVE/CVE-2022-45654) - -### CVE-2022-45655 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. - - -- [Live-Hack-CVE/CVE-2022-45655](https://github.com/Live-Hack-CVE/CVE-2022-45655) - -### CVE-2022-45656 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. - - -- [Live-Hack-CVE/CVE-2022-45656](https://github.com/Live-Hack-CVE/CVE-2022-45656) - -### CVE-2022-45657 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. - - -- [Live-Hack-CVE/CVE-2022-45657](https://github.com/Live-Hack-CVE/CVE-2022-45657) - -### CVE-2022-45658 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. - - -- [Live-Hack-CVE/CVE-2022-45658](https://github.com/Live-Hack-CVE/CVE-2022-45658) - -### CVE-2022-45659 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. - - -- [Live-Hack-CVE/CVE-2022-45659](https://github.com/Live-Hack-CVE/CVE-2022-45659) - -### CVE-2022-45660 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. - - -- [Live-Hack-CVE/CVE-2022-45660](https://github.com/Live-Hack-CVE/CVE-2022-45660) - -### CVE-2022-45661 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. - - -- [Live-Hack-CVE/CVE-2022-45661](https://github.com/Live-Hack-CVE/CVE-2022-45661) - -### CVE-2022-45663 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. - - -- [Live-Hack-CVE/CVE-2022-45663](https://github.com/Live-Hack-CVE/CVE-2022-45663) - -### CVE-2022-45664 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. - - -- [Live-Hack-CVE/CVE-2022-45664](https://github.com/Live-Hack-CVE/CVE-2022-45664) - -### CVE-2022-45667 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. - - -- [Live-Hack-CVE/CVE-2022-45667](https://github.com/Live-Hack-CVE/CVE-2022-45667) - -### CVE-2022-45668 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. - - -- [Live-Hack-CVE/CVE-2022-45668](https://github.com/Live-Hack-CVE/CVE-2022-45668) - -### CVE-2022-45669 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. - - -- [Live-Hack-CVE/CVE-2022-45669](https://github.com/Live-Hack-CVE/CVE-2022-45669) - -### CVE-2022-45670 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. - - -- [Live-Hack-CVE/CVE-2022-45670](https://github.com/Live-Hack-CVE/CVE-2022-45670) - -### CVE-2022-45671 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. - - -- [Live-Hack-CVE/CVE-2022-45671](https://github.com/Live-Hack-CVE/CVE-2022-45671) - -### CVE-2022-45672 (2022-12-02) - - -Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. - - -- [Live-Hack-CVE/CVE-2022-45672](https://github.com/Live-Hack-CVE/CVE-2022-45672) - -### CVE-2022-45673 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. - - -- [Live-Hack-CVE/CVE-2022-45673](https://github.com/Live-Hack-CVE/CVE-2022-45673) - -### CVE-2022-45674 (2022-12-02) - - -Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. - - -- [Live-Hack-CVE/CVE-2022-45674](https://github.com/Live-Hack-CVE/CVE-2022-45674) - -### CVE-2022-45842 (2022-11-30) - - -Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores. - - -- [Live-Hack-CVE/CVE-2022-45842](https://github.com/Live-Hack-CVE/CVE-2022-45842) - -### CVE-2022-45866 (2022-11-23) - - -qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. - - -- [Live-Hack-CVE/CVE-2022-45866](https://github.com/Live-Hack-CVE/CVE-2022-45866) - -### CVE-2022-45868 (2022-11-23) - - -The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." - - -- [Live-Hack-CVE/CVE-2022-45868](https://github.com/Live-Hack-CVE/CVE-2022-45868) - -### CVE-2022-45869 (2022-11-29) - - -A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. - - -- [Live-Hack-CVE/CVE-2022-45869](https://github.com/Live-Hack-CVE/CVE-2022-45869) - -### CVE-2022-45872 (2022-11-23) - - -iTerm2 before 3.4.18 mishandles a DECRQSS response. - - -- [Live-Hack-CVE/CVE-2022-45872](https://github.com/Live-Hack-CVE/CVE-2022-45872) - -### CVE-2022-45873 (2022-11-23) - - -systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. - - -- [Live-Hack-CVE/CVE-2022-45873](https://github.com/Live-Hack-CVE/CVE-2022-45873) - -### CVE-2022-45884 (2022-11-24) - - -An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. - - -- [Live-Hack-CVE/CVE-2022-45884](https://github.com/Live-Hack-CVE/CVE-2022-45884) - -### CVE-2022-45885 (2022-11-24) - - -An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. - - -- [Live-Hack-CVE/CVE-2022-45885](https://github.com/Live-Hack-CVE/CVE-2022-45885) - -### CVE-2022-45886 (2022-11-24) - - -An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. - - -- [Live-Hack-CVE/CVE-2022-45886](https://github.com/Live-Hack-CVE/CVE-2022-45886) - -### CVE-2022-45887 (2022-11-24) - - -An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. - - -- [Live-Hack-CVE/CVE-2022-45887](https://github.com/Live-Hack-CVE/CVE-2022-45887) - -### CVE-2022-45888 (2022-11-24) - - -An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. - - -- [Live-Hack-CVE/CVE-2022-45888](https://github.com/Live-Hack-CVE/CVE-2022-45888) - -### CVE-2022-45907 (2022-11-25) - - -In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. - - -- [Live-Hack-CVE/CVE-2022-45907](https://github.com/Live-Hack-CVE/CVE-2022-45907) - -### CVE-2022-45908 (2022-11-25) - - -In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. - - -- [Live-Hack-CVE/CVE-2022-45908](https://github.com/Live-Hack-CVE/CVE-2022-45908) - -### CVE-2022-45919 (2022-11-26) - - -An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. - - -- [Live-Hack-CVE/CVE-2022-45919](https://github.com/Live-Hack-CVE/CVE-2022-45919) - -### CVE-2022-45921 (2022-11-28) - - -FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. - - -- [Live-Hack-CVE/CVE-2022-45921](https://github.com/Live-Hack-CVE/CVE-2022-45921) - -### CVE-2022-45930 (2022-11-26) - - -A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. - - -- [Live-Hack-CVE/CVE-2022-45930](https://github.com/Live-Hack-CVE/CVE-2022-45930) - -### CVE-2022-45931 (2022-11-26) - - -A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. - - -- [Live-Hack-CVE/CVE-2022-45931](https://github.com/Live-Hack-CVE/CVE-2022-45931) - -### CVE-2022-45932 (2022-11-26) - - -A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. - - -- [Live-Hack-CVE/CVE-2022-45932](https://github.com/Live-Hack-CVE/CVE-2022-45932) - -### CVE-2022-45933 (2022-11-26) - - -KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." - - -- [Live-Hack-CVE/CVE-2022-45933](https://github.com/Live-Hack-CVE/CVE-2022-45933) - -### CVE-2022-45939 (2022-11-28) - - -GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. - - -- [Live-Hack-CVE/CVE-2022-45939](https://github.com/Live-Hack-CVE/CVE-2022-45939) - -### CVE-2022-46146 (2022-11-29) - - -Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. - - -- [Live-Hack-CVE/CVE-2022-46146](https://github.com/Live-Hack-CVE/CVE-2022-46146) - -### CVE-2022-46147 (2022-11-28) - - -Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds. - - -- [Live-Hack-CVE/CVE-2022-46147](https://github.com/Live-Hack-CVE/CVE-2022-46147) - -### CVE-2022-46148 (2022-11-29) - - -Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. - - -- [Live-Hack-CVE/CVE-2022-46148](https://github.com/Live-Hack-CVE/CVE-2022-46148) - -### CVE-2022-46150 (2022-11-29) - - -Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users. - - -- [Live-Hack-CVE/CVE-2022-46150](https://github.com/Live-Hack-CVE/CVE-2022-46150) - -### CVE-2022-46152 (2022-11-29) - - -OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds. - - -- [Live-Hack-CVE/CVE-2022-46152](https://github.com/Live-Hack-CVE/CVE-2022-46152) - -### CVE-2022-46155 (2022-11-29) - - -Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user' has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code. - - -- [Live-Hack-CVE/CVE-2022-46155](https://github.com/Live-Hack-CVE/CVE-2022-46155) - -### CVE-2022-46156 (2022-11-30) - - -The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`. - - -- [Live-Hack-CVE/CVE-2022-46156](https://github.com/Live-Hack-CVE/CVE-2022-46156) - -### CVE-2022-46159 (2022-12-02) - - -Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. - - -- [Live-Hack-CVE/CVE-2022-46159](https://github.com/Live-Hack-CVE/CVE-2022-46159) - -### CVE-2022-46162 (2022-11-30) - - -discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode. - - -- [Live-Hack-CVE/CVE-2022-46162](https://github.com/Live-Hack-CVE/CVE-2022-46162) - ### CVE-2022-46689 (2022-12-15) @@ -10777,9 +10759,18 @@ A race condition was addressed with additional validation. This issue is fixed i - [zhuowei/WDBFontOverwrite](https://github.com/zhuowei/WDBFontOverwrite) +- [Live-Hack-CVE/CVE-2022-46689](https://github.com/Live-Hack-CVE/CVE-2022-46689) ## 2021 +### CVE-2021-0185 (2022-11-10) + + +Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2021-0185](https://github.com/Live-Hack-CVE/CVE-2021-0185) + ### CVE-2021-0302 (2021-02-10) @@ -10854,21 +10845,12 @@ In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possi - [Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0319](https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0319) -### CVE-2021-0325 (2021-02-10) - - -In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784 - - -- [nanopathi/external_libavc_AOSP10_r33_CVE-2021-0325](https://github.com/nanopathi/external_libavc_AOSP10_r33_CVE-2021-0325) - ### CVE-2021-0326 (2021-02-10) In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 -- [aemmitt-ns/skeleton](https://github.com/aemmitt-ns/skeleton) - [nanopathi/wpa_supplicant_8_CVE-2021-0326.](https://github.com/nanopathi/wpa_supplicant_8_CVE-2021-0326.) - [Satheesh575555/external_wpa_supplicant_8_AOSP10_r33_CVE-2021-0326](https://github.com/Satheesh575555/external_wpa_supplicant_8_AOSP10_r33_CVE-2021-0326) - [nanopathi/Packages_wpa_supplicant8_CVE-2021-0326](https://github.com/nanopathi/Packages_wpa_supplicant8_CVE-2021-0326) @@ -10897,14 +10879,6 @@ In several native functions called by AdvertiseManager.java, there is a possible - [ShaikUsaf/packages_apps_Bluetooth_AOSP10_r33_CVE-2021-0329](https://github.com/ShaikUsaf/packages_apps_Bluetooth_AOSP10_r33_CVE-2021-0329) -### CVE-2021-0330 (2021-02-10) - - -In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441 - - -- [Satheesh575555/system_core_AOSP10_r33-CVE-2021-0330](https://github.com/Satheesh575555/system_core_AOSP10_r33-CVE-2021-0330) - ### CVE-2021-0331 (2021-02-10) @@ -10929,14 +10903,6 @@ In onCreate of BluetoothPermissionActivity.java, there is a possible permissions - [Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0333](https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0333) -### CVE-2021-0334 (2021-02-10) - - -In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-163358811 - - -- [ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0334](https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0334) - ### CVE-2021-0336 (2021-02-10) @@ -11002,14 +10968,6 @@ In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related - [Satheesh575555/external_v8_AOSP10_r33_CVE-2021-0396](https://github.com/Satheesh575555/external_v8_AOSP10_r33_CVE-2021-0396) -### CVE-2021-0397 (2021-03-10) - - -In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148 - - -- [Satheesh575555/System_bt_AOSP10-r33_CVE-2021-0397](https://github.com/Satheesh575555/System_bt_AOSP10-r33_CVE-2021-0397) - ### CVE-2021-0431 (2021-04-13) @@ -11044,14 +11002,6 @@ In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could l - [nanopathi/frameworks_av_AOSP10_r33_CVE-2021-0437](https://github.com/nanopathi/frameworks_av_AOSP10_r33_CVE-2021-0437) -### CVE-2021-0472 (2021-06-11) - - -In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033 - - -- [nanopathi/framework_base_AOSP10_r33_CVE-2021-0472](https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0472) - ### CVE-2021-0474 (2021-06-11) @@ -11069,14 +11019,6 @@ In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption - [ShaikUsaf/system_bt_AOSP10_r33_CVE-2021-0475](https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2021-0475) -### CVE-2021-0476 (2021-06-11) - - -In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 - - -- [nanopathi/system_bt_AOSP10_r33_CVE-2021-0476](https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2021-0476) - ### CVE-2021-0478 (2021-06-21) @@ -11206,7 +11148,6 @@ In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096 -- [pazhanivel07/Settings-CVE-2021-0595](https://github.com/pazhanivel07/Settings-CVE-2021-0595) - [pazhanivel07/frameworks_base_Aosp10_r33_CVE-2021-0595](https://github.com/pazhanivel07/frameworks_base_Aosp10_r33_CVE-2021-0595) ### CVE-2021-0600 (2021-07-14) @@ -11225,14 +11166,6 @@ In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write du - [Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0640](https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0640) -### CVE-2021-0652 (2021-10-22) - - -In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 - - -- [Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0652](https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0652) - ### CVE-2021-0683 (2021-10-06) @@ -11258,14 +11191,6 @@ In sanitizeSbn of NotificationManagerService.java, there is a possible way to ke - [ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0705](https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0705) - [Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0705](https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0705) -### CVE-2021-0928 (2021-12-15) - - -In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 - - -- [michalbednarski/ReparcelBug2](https://github.com/michalbednarski/ReparcelBug2) - ### CVE-2021-0934 (2022-12-13) @@ -11285,6 +11210,14 @@ In ResolverActivity, there is a possible user interaction bypass due to a tapjac ### CVE-2021-403 - [rhysmcneill/CVE-2021-403](https://github.com/rhysmcneill/CVE-2021-403) +### CVE-2021-1050 (2022-11-08) + + +In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200 + + +- [Live-Hack-CVE/CVE-2021-1050](https://github.com/Live-Hack-CVE/CVE-2021-1050) + ### CVE-2021-1056 (2021-01-07) @@ -11419,7 +11352,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [Al1ex/CVE-2021-2109](https://github.com/Al1ex/CVE-2021-2109) - [rabbitsafe/CVE-2021-2109](https://github.com/rabbitsafe/CVE-2021-2109) - [yuaneuro/CVE-2021-2109_poc](https://github.com/yuaneuro/CVE-2021-2109_poc) -- [coco0x0a/CVE-2021-2109](https://github.com/coco0x0a/CVE-2021-2109) - [Vulnmachines/oracle-weblogic-CVE-2021-2109](https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109) ### CVE-2021-2119 (2021-01-20) @@ -11429,8 +11361,6 @@ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp - [Sauercloud/RWCTF21-VirtualBox-61-escape](https://github.com/Sauercloud/RWCTF21-VirtualBox-61-escape) -- [chatbottesisgmailh/Sauercloude](https://github.com/chatbottesisgmailh/Sauercloude) -- [shi10587s/Sauercloude](https://github.com/shi10587s/Sauercloude) ### CVE-2021-2173 (2021-04-22) @@ -11591,7 +11521,6 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based - [TheFlash2k/CVE-2021-3156](https://github.com/TheFlash2k/CVE-2021-3156) - [chenaotian/CVE-2021-3156](https://github.com/chenaotian/CVE-2021-3156) - [ret2basic/SudoScience](https://github.com/ret2basic/SudoScience) -- [puckiestyle/CVE-2021-3156](https://github.com/puckiestyle/CVE-2021-3156) - [RodricBr/CVE-2021-3156](https://github.com/RodricBr/CVE-2021-3156) - [ypl6/heaplens](https://github.com/ypl6/heaplens) - [q77190858/CVE-2021-3156](https://github.com/q77190858/CVE-2021-3156) @@ -11872,6 +11801,14 @@ A flaw was found in python-pip in the way it handled Unicode separators in git r - [frenzymadness/CVE-2021-3572](https://github.com/frenzymadness/CVE-2021-3572) +### CVE-2021-3597 (2022-05-24) + + +A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. + + +- [Live-Hack-CVE/CVE-2021-3597](https://github.com/Live-Hack-CVE/CVE-2021-3597) + ### CVE-2021-3598 (2021-07-06) @@ -11904,6 +11841,14 @@ A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM - [Live-Hack-CVE/CVE-2021-3623](https://github.com/Live-Hack-CVE/CVE-2021-3623) +### CVE-2021-3629 (2022-05-24) + + +A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. + + +- [Live-Hack-CVE/CVE-2021-3629](https://github.com/Live-Hack-CVE/CVE-2021-3629) + ### CVE-2021-3632 (2022-08-26) @@ -11912,6 +11857,14 @@ A flaw was found in Keycloak. This vulnerability allows anyone to register a new - [Live-Hack-CVE/CVE-2021-3632](https://github.com/Live-Hack-CVE/CVE-2021-3632) +### CVE-2021-3634 (2021-08-31) + + +A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. + + +- [Live-Hack-CVE/CVE-2021-3634](https://github.com/Live-Hack-CVE/CVE-2021-3634) + ### CVE-2021-3638 (2022-03-03) @@ -11976,6 +11929,14 @@ ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING struct - [Live-Hack-CVE/CVE-2021-3712](https://github.com/Live-Hack-CVE/CVE-2021-3712) +### CVE-2021-3717 (2022-05-24) + + +A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. + + +- [Live-Hack-CVE/CVE-2021-3717](https://github.com/Live-Hack-CVE/CVE-2021-3717) + ### CVE-2021-3732 (2022-03-07) @@ -12024,6 +11985,14 @@ A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill a - [Live-Hack-CVE/CVE-2021-3772](https://github.com/Live-Hack-CVE/CVE-2021-3772) +### CVE-2021-3778 (2021-09-15) + + +vim is vulnerable to Heap-based Buffer Overflow + + +- [Live-Hack-CVE/CVE-2021-3778](https://github.com/Live-Hack-CVE/CVE-2021-3778) + ### CVE-2021-3781 (2022-02-16) @@ -12032,6 +12001,14 @@ A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in t - [Live-Hack-CVE/CVE-2021-3781](https://github.com/Live-Hack-CVE/CVE-2021-3781) +### CVE-2021-3796 (2021-09-15) + + +vim is vulnerable to Use After Free + + +- [Live-Hack-CVE/CVE-2021-3796](https://github.com/Live-Hack-CVE/CVE-2021-3796) + ### CVE-2021-3800 (2022-08-23) @@ -12072,14 +12049,6 @@ A flaw was found in Undertow that tripped the client-side invocation timeout wit - [Live-Hack-CVE/CVE-2021-3859](https://github.com/Live-Hack-CVE/CVE-2021-3859) -### CVE-2021-3864 (2022-08-26) - - -A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. - - -- [walac/cve-2021-3864](https://github.com/walac/cve-2021-3864) - ### CVE-2021-3899 - [liumuqing/CVE-2021-3899_PoC](https://github.com/liumuqing/CVE-2021-3899_PoC) @@ -12107,6 +12076,14 @@ vim is vulnerable to Heap-based Buffer Overflow - [Live-Hack-CVE/CVE-2021-3927](https://github.com/Live-Hack-CVE/CVE-2021-3927) +### CVE-2021-3928 (2021-11-05) + + +vim is vulnerable to Use of Uninitialized Variable + + +- [Live-Hack-CVE/CVE-2021-3928](https://github.com/Live-Hack-CVE/CVE-2021-3928) + ### CVE-2021-3929 (2022-08-25) @@ -12155,6 +12132,14 @@ A potential vulnerability by a driver used during manufacturing process on some - [killvxk/CVE-2021-3972](https://github.com/killvxk/CVE-2021-3972) +### CVE-2021-3974 (2021-11-19) + + +vim is vulnerable to Use After Free + + +- [Live-Hack-CVE/CVE-2021-3974](https://github.com/Live-Hack-CVE/CVE-2021-3974) + ### CVE-2021-3975 (2022-08-23) @@ -12179,6 +12164,14 @@ Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privi - [Live-Hack-CVE/CVE-2021-3982](https://github.com/Live-Hack-CVE/CVE-2021-3982) +### CVE-2021-3984 (2021-12-01) + + +vim is vulnerable to Heap-based Buffer Overflow + + +- [Live-Hack-CVE/CVE-2021-3984](https://github.com/Live-Hack-CVE/CVE-2021-3984) + ### CVE-2021-3995 (2022-08-23) @@ -12195,6 +12188,14 @@ A logic error was found in the libmount library of util-linux in the function th - [Live-Hack-CVE/CVE-2021-3996](https://github.com/Live-Hack-CVE/CVE-2021-3996) +### CVE-2021-3998 (2022-08-24) + + +A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. + + +- [Live-Hack-CVE/CVE-2021-3998](https://github.com/Live-Hack-CVE/CVE-2021-3998) + ### CVE-2021-3999 (2022-08-24) @@ -12203,6 +12204,22 @@ A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd - [Live-Hack-CVE/CVE-2021-3999](https://github.com/Live-Hack-CVE/CVE-2021-3999) +### CVE-2021-4001 (2022-01-21) + + +A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. + + +- [Live-Hack-CVE/CVE-2021-4001](https://github.com/Live-Hack-CVE/CVE-2021-4001) + +### CVE-2021-4019 (2021-12-01) + + +vim is vulnerable to Heap-based Buffer Overflow + + +- [Live-Hack-CVE/CVE-2021-4019](https://github.com/Live-Hack-CVE/CVE-2021-4019) + ### CVE-2021-4034 (2022-01-28) @@ -12213,33 +12230,16 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - [chenaotian/CVE-2021-4034](https://github.com/chenaotian/CVE-2021-4034) - [ly4k/PwnKit](https://github.com/ly4k/PwnKit) - [xcanwin/CVE-2021-4034-UniontechOS](https://github.com/xcanwin/CVE-2021-4034-UniontechOS) -- [nobelh/CVE-2021-4034](https://github.com/nobelh/CVE-2021-4034) - [tahaafarooq/poppy](https://github.com/tahaafarooq/poppy) - [PwnFunction/CVE-2021-4034](https://github.com/PwnFunction/CVE-2021-4034) -- [c3c/CVE-2021-4034](https://github.com/c3c/CVE-2021-4034) - [galoget/PwnKit-CVE-2021-4034](https://github.com/galoget/PwnKit-CVE-2021-4034) - [Sakura-nee/CVE-2021-4034](https://github.com/Sakura-nee/CVE-2021-4034) - [CYB3RK1D/CVE-2021-4034-POC](https://github.com/CYB3RK1D/CVE-2021-4034-POC) - [rvizx/CVE-2021-4034](https://github.com/rvizx/CVE-2021-4034) - [pyhrr0/pwnkit](https://github.com/pyhrr0/pwnkit) -- [hohn/codeql-sample-polkit](https://github.com/hohn/codeql-sample-polkit) -- [movvamrocks/PwnKit-CVE-2021-4034](https://github.com/movvamrocks/PwnKit-CVE-2021-4034) -- [Squirre17/CVE-2021-4034](https://github.com/Squirre17/CVE-2021-4034) -- [Jesrat/make_me_root](https://github.com/Jesrat/make_me_root) -- [defhacks/cve-2021-4034](https://github.com/defhacks/cve-2021-4034) -- [PentesterSoham/CVE-2021-4034-exploit](https://github.com/PentesterSoham/CVE-2021-4034-exploit) - [T3slaa/pwnkit-pwn](https://github.com/T3slaa/pwnkit-pwn) -- [bakhtiyarsierad/CVE-2021-4034-bug-root](https://github.com/bakhtiyarsierad/CVE-2021-4034-bug-root) -- [ITMarcin2211/Polkit-s-Pkexec-CVE-2021-4034](https://github.com/ITMarcin2211/Polkit-s-Pkexec-CVE-2021-4034) -- [edsonjt81/CVE-2021-4034-Linux](https://github.com/edsonjt81/CVE-2021-4034-Linux) -- [Kashiki078/CVE-2021-4034](https://github.com/Kashiki078/CVE-2021-4034) -- [nel0x/pwnkit-vulnerability](https://github.com/nel0x/pwnkit-vulnerability) -- [TomSgn/CVE-2021-4034](https://github.com/TomSgn/CVE-2021-4034) - [azazelm3dj3d/CVE-2021-4034](https://github.com/azazelm3dj3d/CVE-2021-4034) -- [TheJoyOfHacking/berdav-CVE-2021-4034](https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034) -- [tzwlhack/CVE-2021-4034](https://github.com/tzwlhack/CVE-2021-4034) - [Pajarraco4444/CVE-2021-4034](https://github.com/Pajarraco4444/CVE-2021-4034) -- [jcatala/f_poc_cve-2021-4034](https://github.com/jcatala/f_poc_cve-2021-4034) - [Nosferatuvjr/PwnKit](https://github.com/Nosferatuvjr/PwnKit) - [ArkAngeL43/CVE-2021-4034](https://github.com/ArkAngeL43/CVE-2021-4034) - [rhin0cer0s/CVE-2021-4034](https://github.com/rhin0cer0s/CVE-2021-4034) @@ -12276,6 +12276,14 @@ TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affect - [hacefresko/CVE-2021-4045-PoC](https://github.com/hacefresko/CVE-2021-4045-PoC) - [1x019/CVE-2021-4045](https://github.com/1x019/CVE-2021-4045) +### CVE-2021-4069 (2021-12-06) + + +vim is vulnerable to Use After Free + + +- [Live-Hack-CVE/CVE-2021-4069](https://github.com/Live-Hack-CVE/CVE-2021-4069) + ### CVE-2021-4090 (2022-02-18) @@ -12340,6 +12348,14 @@ A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v - [Markakd/CVE-2021-4154](https://github.com/Markakd/CVE-2021-4154) +### CVE-2021-4160 (2022-01-28) + + +There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). + + +- [Live-Hack-CVE/CVE-2021-4160](https://github.com/Live-Hack-CVE/CVE-2021-4160) + ### CVE-2021-4189 (2022-08-24) @@ -12348,6 +12364,22 @@ A flaw was found in Python, specifically in the FTP (File Transfer Protocol) cli - [Live-Hack-CVE/CVE-2021-4189](https://github.com/Live-Hack-CVE/CVE-2021-4189) +### CVE-2021-4192 (2021-12-31) + + +vim is vulnerable to Use After Free + + +- [Live-Hack-CVE/CVE-2021-4192](https://github.com/Live-Hack-CVE/CVE-2021-4192) + +### CVE-2021-4193 (2021-12-31) + + +vim is vulnerable to Out-of-bounds Read + + +- [Live-Hack-CVE/CVE-2021-4193](https://github.com/Live-Hack-CVE/CVE-2021-4193) + ### CVE-2021-4203 (2022-03-25) @@ -12356,14 +12388,6 @@ A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due - [Live-Hack-CVE/CVE-2021-4203](https://github.com/Live-Hack-CVE/CVE-2021-4203) -### CVE-2021-4204 (2022-08-24) - - -An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. - - -- [tr3ee/CVE-2021-4204](https://github.com/tr3ee/CVE-2021-4204) - ### CVE-2021-4207 (2022-04-29) @@ -12372,6 +12396,14 @@ A flaw was found in the QXL display device emulation in QEMU. A double fetch of - [Live-Hack-CVE/CVE-2021-4207](https://github.com/Live-Hack-CVE/CVE-2021-4207) +### CVE-2021-4214 (2022-08-24) + + +A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. + + +- [Live-Hack-CVE/CVE-2021-4214](https://github.com/Live-Hack-CVE/CVE-2021-4214) + ### CVE-2021-4217 (2022-08-24) @@ -12404,6 +12436,22 @@ Use of hard-coded TLS certificate by default allows an attacker to perform Man-i - [Live-Hack-CVE/CVE-2021-4228](https://github.com/Live-Hack-CVE/CVE-2021-4228) +### CVE-2021-4240 (2022-11-15) + + +A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability. + + +- [Live-Hack-CVE/CVE-2021-4240](https://github.com/Live-Hack-CVE/CVE-2021-4240) + +### CVE-2021-4241 (2022-11-15) + + +A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744. + + +- [Live-Hack-CVE/CVE-2021-4241](https://github.com/Live-Hack-CVE/CVE-2021-4241) + ### CVE-2021-4242 (2022-11-30) @@ -12791,6 +12839,14 @@ An unauthenticated command injection vulnerability exists in multiple parameters - [ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-20138](https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-20138) +### CVE-2021-20227 (2021-03-23) + + +A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. + + +- [Live-Hack-CVE/CVE-2021-20227](https://github.com/Live-Hack-CVE/CVE-2021-20227) + ### CVE-2021-20233 (2021-03-03) @@ -12799,6 +12855,14 @@ A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the me - [pauljrowland/BootHoleFix](https://github.com/pauljrowland/BootHoleFix) +### CVE-2021-20294 (2021-04-29) + + +A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. + + +- [Live-Hack-CVE/CVE-2021-20294](https://github.com/Live-Hack-CVE/CVE-2021-20294) + ### CVE-2021-20296 (2021-04-01) @@ -12871,6 +12935,14 @@ A POST based reflected Cross Site Scripting vulnerability on has been identified - [ndmalc/CVE-2021-20323](https://github.com/ndmalc/CVE-2021-20323) +### CVE-2021-20587 (2021-02-19) + + +Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. + + +- [Live-Hack-CVE/CVE-2021-20587](https://github.com/Live-Hack-CVE/CVE-2021-20587) + ### CVE-2021-20588 (2021-02-19) @@ -12911,14 +12983,6 @@ Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote att - [s-index/CVE-2021-20717](https://github.com/s-index/CVE-2021-20717) -### CVE-2021-20837 (2021-10-26) - - -Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. - - -- [orangmuda/CVE-2021-20837](https://github.com/orangmuda/CVE-2021-20837) - ### CVE-2021-21014 (2021-02-11) @@ -12934,7 +12998,6 @@ Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 - [ZeusBox/CVE-2021-21017](https://github.com/ZeusBox/CVE-2021-21017) -- [tzwlhack/CVE-2021-21017](https://github.com/tzwlhack/CVE-2021-21017) ### CVE-2021-21042 (2021-02-11) @@ -12968,14 +13031,6 @@ Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a rem - [Grayhaxor/CVE-2021-21148](https://github.com/Grayhaxor/CVE-2021-21148) -### CVE-2021-21193 (2021-03-16) - - -Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - - -- [mehrzad1994/CVE-2021-21193](https://github.com/mehrzad1994/CVE-2021-21193) - ### CVE-2021-21234 (2021-01-05) @@ -13007,8 +13062,6 @@ Git is an open-source distributed revision control system. In affected versions - [ETOCheney/cve-2021-21300](https://github.com/ETOCheney/cve-2021-21300) - [fengzhouc/CVE-2021-21300](https://github.com/fengzhouc/CVE-2021-21300) - [danshuizhangyu/CVE-2021-21300](https://github.com/danshuizhangyu/CVE-2021-21300) -- [Jiang59991/cve-2021-21300](https://github.com/Jiang59991/cve-2021-21300) -- [Jiang59991/cve-2021-21300-plus](https://github.com/Jiang59991/cve-2021-21300-plus) - [macilin/CVE-2021-21300](https://github.com/macilin/CVE-2021-21300) - [Roboterh/CVE-2021-21300](https://github.com/Roboterh/CVE-2021-21300) - [ruifi47/cve-2021-21300-PoC](https://github.com/ruifi47/cve-2021-21300-PoC) @@ -13031,7 +13084,6 @@ XStream is a Java library to serialize objects to XML and back again. In XStream - [s-index/CVE-2021-21341](https://github.com/s-index/CVE-2021-21341) -- [Mani1325/ka-cve-2021-21341](https://github.com/Mani1325/ka-cve-2021-21341) ### CVE-2021-21349 (2021-03-22) @@ -13121,6 +13173,14 @@ In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, c - [Live-Hack-CVE/CVE-2021-21707](https://github.com/Live-Hack-CVE/CVE-2021-21707) +### CVE-2021-21772 (2021-03-10) + + +A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + +- [Live-Hack-CVE/CVE-2021-21772](https://github.com/Live-Hack-CVE/CVE-2021-21772) + ### CVE-2021-21809 (2021-06-23) @@ -13191,7 +13251,6 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - [password520/CVE-2021-21972](https://github.com/password520/CVE-2021-21972) - [murataydemir/CVE-2021-21972](https://github.com/murataydemir/CVE-2021-21972) - [pettyhacks/vSphereyeeter](https://github.com/pettyhacks/vSphereyeeter) -- [orangmuda/CVE-2021-21972](https://github.com/orangmuda/CVE-2021-21972) - [user16-et/cve-2021-21972_PoC](https://github.com/user16-et/cve-2021-21972_PoC) - [Schira4396/VcenterKiller](https://github.com/Schira4396/VcenterKiller) - [trhacknon/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972](https://github.com/trhacknon/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972) @@ -13238,14 +13297,6 @@ VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code exe - [me1ons/CVE-2021-21978](https://github.com/me1ons/CVE-2021-21978) - [skytina/CVE-2021-21978](https://github.com/skytina/CVE-2021-21978) -### CVE-2021-21983 (2021-03-31) - - -Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. - - -- [murataydemir/CVE-2021-21983](https://github.com/murataydemir/CVE-2021-21983) - ### CVE-2021-21985 (2021-05-26) @@ -13328,7 +13379,6 @@ Improper neutralization of user data in the DjVu file format in ExifTool version - [convisolabs/CVE-2021-22204-exiftool](https://github.com/convisolabs/CVE-2021-22204-exiftool) - [se162xg/CVE-2021-22204](https://github.com/se162xg/CVE-2021-22204) - [bilkoh/POC-CVE-2021-22204](https://github.com/bilkoh/POC-CVE-2021-22204) -- [Pajarraco4444/CVE-2021-22204](https://github.com/Pajarraco4444/CVE-2021-22204) - [UNICORDev/exploit-CVE-2021-22204](https://github.com/UNICORDev/exploit-CVE-2021-22204) ### CVE-2021-22205 (2021-04-23) @@ -13341,7 +13391,6 @@ An issue has been discovered in GitLab CE/EE affecting all versions starting fro - [Al1ex/CVE-2021-22205](https://github.com/Al1ex/CVE-2021-22205) - [c0okB/CVE-2021-22205](https://github.com/c0okB/CVE-2021-22205) - [GitLab-Red-Team/cve-hash-harvester](https://github.com/GitLab-Red-Team/cve-hash-harvester) -- [honypot/CVE-2021-22205](https://github.com/honypot/CVE-2021-22205) - [momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-](https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-) - [keven1z/CVE-2021-22205](https://github.com/keven1z/CVE-2021-22205) @@ -13371,6 +13420,14 @@ A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability e - [Live-Hack-CVE/CVE-2021-22716](https://github.com/Live-Hack-CVE/CVE-2021-22716) +### CVE-2021-22737 (2021-05-26) + + +Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. + + +- [Live-Hack-CVE/CVE-2021-22737](https://github.com/Live-Hack-CVE/CVE-2021-22737) + ### CVE-2021-22893 (2021-04-23) @@ -13468,7 +13525,6 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - [yaunsky/CVE-202122986-EXP](https://github.com/yaunsky/CVE-202122986-EXP) - [Tas9er/CVE-2021-22986](https://github.com/Tas9er/CVE-2021-22986) - [dotslashed/CVE-2021-22986](https://github.com/dotslashed/CVE-2021-22986) -- [DDestinys/CVE-2021-22986](https://github.com/DDestinys/CVE-2021-22986) - [west9b/F5-BIG-IP-POC](https://github.com/west9b/F5-BIG-IP-POC) ### CVE-2021-23017 (2021-06-01) @@ -13527,6 +13583,14 @@ A man-in-the-middle attacker can inject false responses to the client's first fe - [Live-Hack-CVE/CVE-2021-23222](https://github.com/Live-Hack-CVE/CVE-2021-23222) +### CVE-2021-23239 (2021-01-12) + + +The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. + + +- [Live-Hack-CVE/CVE-2021-23239](https://github.com/Live-Hack-CVE/CVE-2021-23239) + ### CVE-2021-23383 (2021-05-04) @@ -13535,6 +13599,14 @@ The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when s - [dn9uy3n/Check-CVE-2021-23383](https://github.com/dn9uy3n/Check-CVE-2021-23383) +### CVE-2021-23394 (2021-06-13) + + +The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. + + +- [Live-Hack-CVE/CVE-2021-23394](https://github.com/Live-Hack-CVE/CVE-2021-23394) + ### CVE-2021-23414 (2021-07-28) @@ -13655,6 +13727,14 @@ In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM - [Live-Hack-CVE/CVE-2021-24119](https://github.com/Live-Hack-CVE/CVE-2021-24119) +### CVE-2021-24144 (2021-03-18) + + +Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. + + +- [Live-Hack-CVE/CVE-2021-24144](https://github.com/Live-Hack-CVE/CVE-2021-24144) + ### CVE-2021-24160 (2021-04-05) @@ -13664,6 +13744,22 @@ In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers - [hnthuan1998/CVE-2021-24160](https://github.com/hnthuan1998/CVE-2021-24160) - [hnthuan1998/Exploit-CVE-2021-24160](https://github.com/hnthuan1998/Exploit-CVE-2021-24160) +### CVE-2021-24347 (2021-06-14) + + +The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". + + +- [Live-Hack-CVE/CVE-2021-24347](https://github.com/Live-Hack-CVE/CVE-2021-24347) + +### CVE-2021-24349 (2021-06-14) + + +This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. + + +- [Live-Hack-CVE/CVE-2021-24349](https://github.com/Live-Hack-CVE/CVE-2021-24349) + ### CVE-2021-24355 (2021-06-14) @@ -13688,6 +13784,14 @@ The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in - [Live-Hack-CVE/CVE-2021-24431](https://github.com/Live-Hack-CVE/CVE-2021-24431) +### CVE-2021-24444 (2021-08-02) + + +The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. + + +- [Live-Hack-CVE/CVE-2021-24444](https://github.com/Live-Hack-CVE/CVE-2021-24444) + ### CVE-2021-24485 (2021-10-25) @@ -13696,6 +13800,14 @@ The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or esca - [Live-Hack-CVE/CVE-2021-24485](https://github.com/Live-Hack-CVE/CVE-2021-24485) +### CVE-2021-24504 (2021-08-02) + + +The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated) + + +- [Live-Hack-CVE/CVE-2021-24504](https://github.com/Live-Hack-CVE/CVE-2021-24504) + ### CVE-2021-24507 (2021-08-09) @@ -13704,6 +13816,30 @@ The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or e - [RandomRobbieBF/CVE-2021-24507](https://github.com/RandomRobbieBF/CVE-2021-24507) +### CVE-2021-24543 (2021-10-25) + + +The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. + + +- [Live-Hack-CVE/CVE-2021-24543](https://github.com/Live-Hack-CVE/CVE-2021-24543) + +### CVE-2021-24555 (2021-08-23) + + +The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user. + + +- [Live-Hack-CVE/CVE-2021-24555](https://github.com/Live-Hack-CVE/CVE-2021-24555) + +### CVE-2021-24570 (2021-11-01) + + +The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well. + + +- [Live-Hack-CVE/CVE-2021-24570](https://github.com/Live-Hack-CVE/CVE-2021-24570) + ### CVE-2021-24581 (2021-08-30) @@ -13728,6 +13864,22 @@ The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check - [Live-Hack-CVE/CVE-2021-24586](https://github.com/Live-Hack-CVE/CVE-2021-24586) +### CVE-2021-24595 (2021-10-18) + + +The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack. + + +- [Live-Hack-CVE/CVE-2021-24595](https://github.com/Live-Hack-CVE/CVE-2021-24595) + +### CVE-2021-24615 (2021-10-18) + + +The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks. + + +- [Live-Hack-CVE/CVE-2021-24615](https://github.com/Live-Hack-CVE/CVE-2021-24615) + ### CVE-2021-24618 (2021-09-20) @@ -13736,6 +13888,14 @@ The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape - [Live-Hack-CVE/CVE-2021-24618](https://github.com/Live-Hack-CVE/CVE-2021-24618) +### CVE-2021-24626 (2021-11-08) + + +The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection + + +- [Live-Hack-CVE/CVE-2021-24626](https://github.com/Live-Hack-CVE/CVE-2021-24626) + ### CVE-2021-24639 (2021-09-20) @@ -13744,6 +13904,14 @@ The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authori - [Live-Hack-CVE/CVE-2021-24639](https://github.com/Live-Hack-CVE/CVE-2021-24639) +### CVE-2021-24642 (2021-10-18) + + +The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS + + +- [Live-Hack-CVE/CVE-2021-24642](https://github.com/Live-Hack-CVE/CVE-2021-24642) + ### CVE-2021-24649 (2022-11-21) @@ -13752,6 +13920,38 @@ The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argumen - [Live-Hack-CVE/CVE-2021-24649](https://github.com/Live-Hack-CVE/CVE-2021-24649) +### CVE-2021-24651 (2021-10-11) + + +The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash. + + +- [Live-Hack-CVE/CVE-2021-24651](https://github.com/Live-Hack-CVE/CVE-2021-24651) + +### CVE-2021-24683 (2021-10-11) + + +The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue. + + +- [Live-Hack-CVE/CVE-2021-24683](https://github.com/Live-Hack-CVE/CVE-2021-24683) + +### CVE-2021-24685 (2021-11-01) + + +The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload) + + +- [Live-Hack-CVE/CVE-2021-24685](https://github.com/Live-Hack-CVE/CVE-2021-24685) + +### CVE-2021-24695 (2021-11-08) + + +The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames + + +- [Live-Hack-CVE/CVE-2021-24695](https://github.com/Live-Hack-CVE/CVE-2021-24695) + ### CVE-2021-24728 (2021-09-13) @@ -13760,6 +13960,38 @@ The Membership & Content Restriction – Paid Member Subscriptions WordPress - [Live-Hack-CVE/CVE-2021-24728](https://github.com/Live-Hack-CVE/CVE-2021-24728) +### CVE-2021-24730 (2022-02-28) + + +The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. + + +- [Live-Hack-CVE/CVE-2021-24730](https://github.com/Live-Hack-CVE/CVE-2021-24730) + +### CVE-2021-24739 (2021-12-21) + + +The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature + + +- [Live-Hack-CVE/CVE-2021-24739](https://github.com/Live-Hack-CVE/CVE-2021-24739) + +### CVE-2021-24822 (2021-11-29) + + +The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters + + +- [Live-Hack-CVE/CVE-2021-24822](https://github.com/Live-Hack-CVE/CVE-2021-24822) + +### CVE-2021-24930 (2021-12-06) + + +The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue + + +- [Live-Hack-CVE/CVE-2021-24930](https://github.com/Live-Hack-CVE/CVE-2021-24930) + ### CVE-2021-24942 (2022-12-26) @@ -13834,6 +14066,7 @@ The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used with - [darkpills/CVE-2021-25094-tatsu-preauth-rce](https://github.com/darkpills/CVE-2021-25094-tatsu-preauth-rce) - [TUANB4DUT/typehub-exploiter](https://github.com/TUANB4DUT/typehub-exploiter) - [xdx57/CVE-2021-25094](https://github.com/xdx57/CVE-2021-25094) +- [Live-Hack-CVE/CVE-2021-25094](https://github.com/Live-Hack-CVE/CVE-2021-25094) ### CVE-2021-25095 (2022-02-07) @@ -13987,6 +14220,14 @@ Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsisten - [iczc/Ethermint-CVE-2021-25837](https://github.com/iczc/Ethermint-CVE-2021-25837) +### CVE-2021-25956 (2021-08-17) + + +In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. + + +- [Live-Hack-CVE/CVE-2021-25956](https://github.com/Live-Hack-CVE/CVE-2021-25956) + ### CVE-2021-26084 (2021-08-30) @@ -14007,6 +14248,14 @@ Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can ### CVE-2021-26121 - [sourceincite/CVE-2021-26121](https://github.com/sourceincite/CVE-2021-26121) +### CVE-2021-26251 (2022-11-11) + + +Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. + + +- [Live-Hack-CVE/CVE-2021-26251](https://github.com/Live-Hack-CVE/CVE-2021-26251) + ### CVE-2021-26252 (2022-02-24) @@ -14509,6 +14758,14 @@ A critical unauthenticated remote code execution vulnerability was found all rec - [dorkerdevil/CVE-2021-27850_POC](https://github.com/dorkerdevil/CVE-2021-27850_POC) - [novysodope/CVE-2021-27850](https://github.com/novysodope/CVE-2021-27850) +### CVE-2021-27853 (2022-09-27) + + +Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. + + +- [Live-Hack-CVE/CVE-2021-27853](https://github.com/Live-Hack-CVE/CVE-2021-27853) + ### CVE-2021-27890 (2021-03-15) @@ -14569,6 +14826,38 @@ The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 ha - [mathisvickie/CVE-2021-27965](https://github.com/mathisvickie/CVE-2021-27965) - [Exploitables/CVE-2021-27965](https://github.com/Exploitables/CVE-2021-27965) +### CVE-2021-28275 (2022-03-23) + + +A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. + + +- [Live-Hack-CVE/CVE-2021-28275](https://github.com/Live-Hack-CVE/CVE-2021-28275) + +### CVE-2021-28276 (2022-03-23) + + +A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. + + +- [Live-Hack-CVE/CVE-2021-28276](https://github.com/Live-Hack-CVE/CVE-2021-28276) + +### CVE-2021-28277 (2022-03-23) + + +A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. + + +- [Live-Hack-CVE/CVE-2021-28277](https://github.com/Live-Hack-CVE/CVE-2021-28277) + +### CVE-2021-28278 (2022-03-23) + + +A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. + + +- [Live-Hack-CVE/CVE-2021-28278](https://github.com/Live-Hack-CVE/CVE-2021-28278) + ### CVE-2021-28310 (2021-04-13) @@ -14593,7 +14882,6 @@ Hyper-V Remote Code Execution Vulnerability - [0vercl0k/CVE-2021-28476](https://github.com/0vercl0k/CVE-2021-28476) - [bluefrostsecurity/CVE-2021-28476](https://github.com/bluefrostsecurity/CVE-2021-28476) -- [2273852279qqs/0vercl0k](https://github.com/2273852279qqs/0vercl0k) - [dengyang123x/0vercl0k](https://github.com/dengyang123x/0vercl0k) ### CVE-2021-28480 (2021-04-13) @@ -14603,7 +14891,6 @@ Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is uni - [ZephrFish/CVE-2021-28480_HoneyPoC3](https://github.com/ZephrFish/CVE-2021-28480_HoneyPoC3) -- [Threonic/CVE-2021-28480](https://github.com/Threonic/CVE-2021-28480) ### CVE-2021-28482 (2021-04-13) @@ -14754,14 +15041,7 @@ Grav is a file based Web-platform. Twig processing of static pages can be enable - [CsEnox/CVE-2021-29440](https://github.com/CsEnox/CVE-2021-29440) - -### CVE-2021-29441 (2021-04-27) - - -Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. - - -- [bysinks/CVE-2021-29441](https://github.com/bysinks/CVE-2021-29441) +- [Live-Hack-CVE/CVE-2021-29440](https://github.com/Live-Hack-CVE/CVE-2021-29440) ### CVE-2021-29447 (2021-04-15) @@ -14926,6 +15206,14 @@ Apache OFBiz has unsafe deserialization prior to 17.12.07 version - [LioTree/CVE-2021-30128-EXP](https://github.com/LioTree/CVE-2021-30128-EXP) - [backlion/CVE-2021-30128](https://github.com/backlion/CVE-2021-30128) +### CVE-2021-30130 (2021-04-06) + + +phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. + + +- [Live-Hack-CVE/CVE-2021-30130](https://github.com/Live-Hack-CVE/CVE-2021-30130) + ### CVE-2021-30134 (2022-12-26) @@ -14984,6 +15272,14 @@ Valve Steam through 2021-04-10, when a Source engine game is installed, allows r - [floesen/CVE-2021-30481](https://github.com/floesen/CVE-2021-30481) +### CVE-2021-30498 (2021-05-26) + + +A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. + + +- [Live-Hack-CVE/CVE-2021-30498](https://github.com/Live-Hack-CVE/CVE-2021-30498) + ### CVE-2021-30547 (2021-06-15) @@ -14992,14 +15288,6 @@ Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a r - [Live-Hack-CVE/CVE-2021-30547](https://github.com/Live-Hack-CVE/CVE-2021-30547) -### CVE-2021-30682 (2021-09-08) - - -A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. - - -- [threatnix/csp-playground](https://github.com/threatnix/csp-playground) - ### CVE-2021-30731 (2021-09-08) @@ -15030,11 +15318,6 @@ A memory corruption vulnerability was addressed with improved locking. This issu A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. -- [timb-machine-mirrors/CVE-2021-30955](https://github.com/timb-machine-mirrors/CVE-2021-30955) -- [nickorlow/CVE-2021-30955-POC](https://github.com/nickorlow/CVE-2021-30955-POC) -- [verygenericname/CVE-2021-30955-POC-IPA](https://github.com/verygenericname/CVE-2021-30955-POC-IPA) -- [b1n4r1b01/desc_race](https://github.com/b1n4r1b01/desc_race) -- [markie-dev/desc_race_A15](https://github.com/markie-dev/desc_race_A15) - [Dylbin/desc_race](https://github.com/Dylbin/desc_race) - [GeoSn0w/Pentagram-exploit-tester](https://github.com/GeoSn0w/Pentagram-exploit-tester) @@ -15067,7 +15350,6 @@ HTTP Protocol Stack Remote Code Execution Vulnerability - [zecopro/CVE-2021-31166](https://github.com/zecopro/CVE-2021-31166) - [bgsilvait/WIn-CVE-2021-31166](https://github.com/bgsilvait/WIn-CVE-2021-31166) - [Udyz/CVE-2021-31166](https://github.com/Udyz/CVE-2021-31166) -- [mauricelambert/CVE-2021-31166](https://github.com/mauricelambert/CVE-2021-31166) - [0xmaximus/Home-Demolisher](https://github.com/0xmaximus/Home-Demolisher) ### CVE-2021-31184 (2021-05-11) @@ -15078,6 +15360,14 @@ Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulner - [waleedassar/CVE-2021-31184](https://github.com/waleedassar/CVE-2021-31184) +### CVE-2021-31525 (2021-05-27) + + +net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. + + +- [Live-Hack-CVE/CVE-2021-31525](https://github.com/Live-Hack-CVE/CVE-2021-31525) + ### CVE-2021-31566 (2022-08-23) @@ -15279,6 +15569,14 @@ A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean - [Live-Hack-CVE/CVE-2021-32000](https://github.com/Live-Hack-CVE/CVE-2021-32000) +### CVE-2021-32001 (2021-07-28) + + +K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. + + +- [Live-Hack-CVE/CVE-2021-32001](https://github.com/Live-Hack-CVE/CVE-2021-32001) + ### CVE-2021-32027 (2021-06-01) @@ -15295,14 +15593,6 @@ A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE co - [Live-Hack-CVE/CVE-2021-32028](https://github.com/Live-Hack-CVE/CVE-2021-32028) -### CVE-2021-32099 (2021-05-06) - - -A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. - - -- [akr3ch/CVE-2021-32099](https://github.com/akr3ch/CVE-2021-32099) - ### CVE-2021-32156 (2022-04-11) @@ -15360,14 +15650,6 @@ A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through - [Mesh3l911/CVE-2021-32162](https://github.com/Mesh3l911/CVE-2021-32162) -### CVE-2021-32399 (2021-05-10) - - -net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. - - -- [nanopathi/linux-4.19.72_CVE-2021-32399](https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399) - ### CVE-2021-32415 (2022-12-13) @@ -15408,6 +15690,38 @@ Realtek HAD contains a driver crashed vulnerability which allows local side atta - [0vercl0k/CVE-2021-32537](https://github.com/0vercl0k/CVE-2021-32537) +### CVE-2021-32607 (2021-05-12) + + +An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. + + +- [Live-Hack-CVE/CVE-2021-32607](https://github.com/Live-Hack-CVE/CVE-2021-32607) + +### CVE-2021-32608 (2021-05-12) + + +An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. + + +- [Live-Hack-CVE/CVE-2021-32608](https://github.com/Live-Hack-CVE/CVE-2021-32608) + +### CVE-2021-32682 (2021-06-14) + + +elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. + + +- [Live-Hack-CVE/CVE-2021-32682](https://github.com/Live-Hack-CVE/CVE-2021-32682) + +### CVE-2021-32686 (2021-07-23) + + +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1. + + +- [Live-Hack-CVE/CVE-2021-32686](https://github.com/Live-Hack-CVE/CVE-2021-32686) + ### CVE-2021-32692 (2022-12-22) @@ -15464,6 +15778,38 @@ In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-fre - [Trinadh465/device_renesas_kernel_AOSP10_r33_CVE-2021-33034](https://github.com/Trinadh465/device_renesas_kernel_AOSP10_r33_CVE-2021-33034) +### CVE-2021-33064 (2022-11-11) + + +Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2021-33064](https://github.com/Live-Hack-CVE/CVE-2021-33064) + +### CVE-2021-33159 (2022-11-11) + + +Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2021-33159](https://github.com/Live-Hack-CVE/CVE-2021-33159) + +### CVE-2021-33164 (2022-11-11) + + +Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2021-33164](https://github.com/Live-Hack-CVE/CVE-2021-33164) + +### CVE-2021-33196 (2021-08-02) + + +In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. + + +- [Live-Hack-CVE/CVE-2021-33196](https://github.com/Live-Hack-CVE/CVE-2021-33196) + ### CVE-2021-33420 (2022-12-15) @@ -15555,6 +15901,22 @@ An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby a - [mlr0p/CVE-2021-33564](https://github.com/mlr0p/CVE-2021-33564) - [dorkerdevil/CVE-2021-33564](https://github.com/dorkerdevil/CVE-2021-33564) +### CVE-2021-33574 (2021-05-25) + + +The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. + + +- [Live-Hack-CVE/CVE-2021-33574](https://github.com/Live-Hack-CVE/CVE-2021-33574) + +### CVE-2021-33618 (2021-11-10) + + +Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. + + +- [Live-Hack-CVE/CVE-2021-33618](https://github.com/Live-Hack-CVE/CVE-2021-33618) + ### CVE-2021-33621 (2022-11-18) @@ -15603,6 +15965,14 @@ Microsoft DWM Core Library Elevation of Privilege Vulnerability - [freeide2017/CVE-2021-33739-POC](https://github.com/freeide2017/CVE-2021-33739-POC) +### CVE-2021-33816 (2021-11-10) + + +The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. + + +- [Live-Hack-CVE/CVE-2021-33816](https://github.com/Live-Hack-CVE/CVE-2021-33816) + ### CVE-2021-33879 (2021-06-06) @@ -15680,6 +16050,54 @@ Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an - [Live-Hack-CVE/CVE-2021-34552](https://github.com/Live-Hack-CVE/CVE-2021-34552) +### CVE-2021-34566 (2022-11-09) + + +In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. + + +- [Live-Hack-CVE/CVE-2021-34566](https://github.com/Live-Hack-CVE/CVE-2021-34566) + +### CVE-2021-34567 (2022-11-09) + + +In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. + + +- [Live-Hack-CVE/CVE-2021-34567](https://github.com/Live-Hack-CVE/CVE-2021-34567) + +### CVE-2021-34568 (2022-11-09) + + +In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. + + +- [Live-Hack-CVE/CVE-2021-34568](https://github.com/Live-Hack-CVE/CVE-2021-34568) + +### CVE-2021-34569 (2022-11-09) + + +In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. + + +- [Live-Hack-CVE/CVE-2021-34569](https://github.com/Live-Hack-CVE/CVE-2021-34569) + +### CVE-2021-34577 (2022-11-09) + + +In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. + + +- [Live-Hack-CVE/CVE-2021-34577](https://github.com/Live-Hack-CVE/CVE-2021-34577) + +### CVE-2021-34579 (2022-11-09) + + +In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. + + +- [Live-Hack-CVE/CVE-2021-34579](https://github.com/Live-Hack-CVE/CVE-2021-34579) + ### CVE-2021-34767 (2021-09-22) @@ -15793,14 +16211,6 @@ Vulnerability in the Oracle Database Enterprise Edition Unified Audit component - [emad-almousa/CVE-2021-35576](https://github.com/emad-almousa/CVE-2021-35576) -### CVE-2021-35587 (2022-01-19) - - -Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). - - -- [antx-code/CVE-2021-35587](https://github.com/antx-code/CVE-2021-35587) - ### CVE-2021-35938 (2022-08-25) @@ -15825,6 +16235,14 @@ An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Ap - [Live-Hack-CVE/CVE-2021-35940](https://github.com/Live-Hack-CVE/CVE-2021-35940) +### CVE-2021-35942 (2021-07-22) + + +The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. + + +- [Live-Hack-CVE/CVE-2021-35942](https://github.com/Live-Hack-CVE/CVE-2021-35942) + ### CVE-2021-35951 (2022-12-26) @@ -15886,6 +16304,14 @@ Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation - [Live-Hack-CVE/CVE-2021-36338](https://github.com/Live-Hack-CVE/CVE-2021-36338) +### CVE-2021-36369 (2022-10-12) + + +An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. + + +- [Live-Hack-CVE/CVE-2021-36369](https://github.com/Live-Hack-CVE/CVE-2021-36369) + ### CVE-2021-36408 (2022-01-10) @@ -15983,6 +16409,22 @@ A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of - [Live-Hack-CVE/CVE-2021-36778](https://github.com/Live-Hack-CVE/CVE-2021-36778) +### CVE-2021-36779 (2021-12-17) + + +A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. + + +- [Live-Hack-CVE/CVE-2021-36779](https://github.com/Live-Hack-CVE/CVE-2021-36779) + +### CVE-2021-36780 (2021-12-17) + + +A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. + + +- [Live-Hack-CVE/CVE-2021-36780](https://github.com/Live-Hack-CVE/CVE-2021-36780) + ### CVE-2021-36782 (2022-09-07) @@ -15991,6 +16433,14 @@ A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allow - [fe-ax/tf-cve-2021-36782](https://github.com/fe-ax/tf-cve-2021-36782) +### CVE-2021-36783 (2022-09-07) + + +A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. + + +- [Live-Hack-CVE/CVE-2021-36783](https://github.com/Live-Hack-CVE/CVE-2021-36783) + ### CVE-2021-36798 (2021-08-09) @@ -16007,6 +16457,22 @@ A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSys - [robertguetzkow/ets5-password-recovery](https://github.com/robertguetzkow/ets5-password-recovery) +### CVE-2021-36885 (2021-12-22) + + +Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). + + +- [Live-Hack-CVE/CVE-2021-36885](https://github.com/Live-Hack-CVE/CVE-2021-36885) + +### CVE-2021-36886 (2021-12-22) + + +Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). + + +- [Live-Hack-CVE/CVE-2021-36886](https://github.com/Live-Hack-CVE/CVE-2021-36886) + ### CVE-2021-36905 (2022-11-17) @@ -16063,6 +16529,14 @@ The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an - [Live-Hack-CVE/CVE-2021-37701](https://github.com/Live-Hack-CVE/CVE-2021-37701) +### CVE-2021-37706 (2021-12-22) + + +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2021-37706](https://github.com/Live-Hack-CVE/CVE-2021-37706) + ### CVE-2021-37712 (2021-08-31) @@ -16259,6 +16733,23 @@ A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 appli - [m4sk0ff/CVE-2021-38819](https://github.com/m4sk0ff/CVE-2021-38819) +- [Live-Hack-CVE/CVE-2021-38819](https://github.com/Live-Hack-CVE/CVE-2021-38819) + +### CVE-2021-38827 (2022-11-13) + + +Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. + + +- [Live-Hack-CVE/CVE-2021-38827](https://github.com/Live-Hack-CVE/CVE-2021-38827) + +### CVE-2021-38828 (2022-11-13) + + +Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. + + +- [Live-Hack-CVE/CVE-2021-38828](https://github.com/Live-Hack-CVE/CVE-2021-38828) ### CVE-2021-38997 (2022-12-12) @@ -16276,6 +16767,14 @@ IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user c - [Live-Hack-CVE/CVE-2021-39077](https://github.com/Live-Hack-CVE/CVE-2021-39077) +### CVE-2021-39144 (2021-08-23) + + +XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. + + +- [Live-Hack-CVE/CVE-2021-39144](https://github.com/Live-Hack-CVE/CVE-2021-39144) + ### CVE-2021-39165 (2021-08-26) @@ -16397,6 +16896,14 @@ In TBD of TBD, there is a possible way to archive arbitrary code execution in ke - [Live-Hack-CVE/CVE-2021-39660](https://github.com/Live-Hack-CVE/CVE-2021-39660) +### CVE-2021-39661 (2022-11-08) + + +In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784 + + +- [Live-Hack-CVE/CVE-2021-39661](https://github.com/Live-Hack-CVE/CVE-2021-39661) + ### CVE-2021-39674 (2022-02-11) @@ -16461,6 +16968,54 @@ Vulnerability of pointers being incorrectly used during data transmission in the - [Live-Hack-CVE/CVE-2021-40012](https://github.com/Live-Hack-CVE/CVE-2021-40012) +### CVE-2021-40017 (2022-09-16) + + +The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. + + +- [Live-Hack-CVE/CVE-2021-40017](https://github.com/Live-Hack-CVE/CVE-2021-40017) + +### CVE-2021-40158 (2022-01-25) + + +A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. + + +- [Live-Hack-CVE/CVE-2021-40158](https://github.com/Live-Hack-CVE/CVE-2021-40158) + +### CVE-2021-40159 (2022-01-25) + + +An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process. + + +- [Live-Hack-CVE/CVE-2021-40159](https://github.com/Live-Hack-CVE/CVE-2021-40159) + +### CVE-2021-40226 (2022-11-10) + + +xpdfreader 4.03 is vulnerable to Buffer Overflow. + + +- [Live-Hack-CVE/CVE-2021-40226](https://github.com/Live-Hack-CVE/CVE-2021-40226) + +### CVE-2021-40272 (2022-11-14) + + +OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). + + +- [Live-Hack-CVE/CVE-2021-40272](https://github.com/Live-Hack-CVE/CVE-2021-40272) + +### CVE-2021-40289 (2022-11-10) + + +mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). + + +- [Live-Hack-CVE/CVE-2021-40289](https://github.com/Live-Hack-CVE/CVE-2021-40289) + ### CVE-2021-40303 (2022-11-08) @@ -16468,6 +17023,7 @@ perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile - [zecopro/CVE-2021-40303](https://github.com/zecopro/CVE-2021-40303) +- [Live-Hack-CVE/CVE-2021-40303](https://github.com/Live-Hack-CVE/CVE-2021-40303) ### CVE-2021-40345 (2021-10-26) @@ -16476,6 +17032,7 @@ An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of th - [ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345](https://github.com/ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345) +- [Live-Hack-CVE/CVE-2021-40345](https://github.com/Live-Hack-CVE/CVE-2021-40345) ### CVE-2021-40346 (2021-09-08) @@ -16485,6 +17042,14 @@ An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can - [Vulnmachines/HAProxy_CVE-2021-40346](https://github.com/Vulnmachines/HAProxy_CVE-2021-40346) +### CVE-2021-40348 (2021-11-01) + + +Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. + + +- [Live-Hack-CVE/CVE-2021-40348](https://github.com/Live-Hack-CVE/CVE-2021-40348) + ### CVE-2021-40365 (2022-12-13) @@ -16493,13 +17058,13 @@ A vulnerability has been identified in SIMATIC Drive Controller family (All vers - [Live-Hack-CVE/CVE-2021-40365](https://github.com/Live-Hack-CVE/CVE-2021-40365) -### CVE-2021-40373 (2021-09-10) +### CVE-2021-40369 (2021-11-24) -playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. +A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. -- [maikroservice/CVE-2021-40373](https://github.com/maikroservice/CVE-2021-40373) +- [Live-Hack-CVE/CVE-2021-40369](https://github.com/Live-Hack-CVE/CVE-2021-40369) ### CVE-2021-40438 (2021-09-16) @@ -16507,7 +17072,6 @@ playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. -- [Kashkovsky/CVE-2021-40438](https://github.com/Kashkovsky/CVE-2021-40438) - [gassara-kys/CVE-2021-40438](https://github.com/gassara-kys/CVE-2021-40438) ### CVE-2021-40444 (2021-09-15) @@ -16520,14 +17084,6 @@ Microsoft MSHTML Remote Code Execution Vulnerability - [RedLeavesChilde/CVE-2021-40444](https://github.com/RedLeavesChilde/CVE-2021-40444) - [nvchungkma/CVE-2021-40444-Microsoft-Office-Word-Remote-Code-Execution-](https://github.com/nvchungkma/CVE-2021-40444-Microsoft-Office-Word-Remote-Code-Execution-) -### CVE-2021-40449 (2021-10-12) - - -Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357. - - -- [SamuelTulach/voidmap](https://github.com/SamuelTulach/voidmap) - ### CVE-2021-40462 (2021-10-12) @@ -16608,14 +17164,6 @@ An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestr - [JoyGhoshs/CVE-2021-40870](https://github.com/JoyGhoshs/CVE-2021-40870) -### CVE-2021-40875 (2021-09-22) - - -Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. - - -- [Lul/TestRail-files.md5-IAC-scanner](https://github.com/Lul/TestRail-files.md5-IAC-scanner) - ### CVE-2021-40903 (2022-06-17) @@ -16657,14 +17205,6 @@ CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the inp - [nisdn/CVE-2021-40978](https://github.com/nisdn/CVE-2021-40978) -### CVE-2021-41073 (2021-09-19) - - -loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. - - -- [chompie1337/Linux_LPE_io_uring_CVE-2021-41073](https://github.com/chompie1337/Linux_LPE_io_uring_CVE-2021-41073) - ### CVE-2021-41078 (2021-10-26) @@ -16681,6 +17221,14 @@ keypair is a a RSA PEM key generator written in javascript. keypair implements a - [badkeys/keypairvuln](https://github.com/badkeys/keypairvuln) +### CVE-2021-41141 (2022-01-04) + + +PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. + + +- [Live-Hack-CVE/CVE-2021-41141](https://github.com/Live-Hack-CVE/CVE-2021-41141) + ### CVE-2021-41160 (2021-10-21) @@ -16712,15 +17260,14 @@ Metabase is an open source data analytics platform. In affected versions a secur - [Vulnmachines/Metabase_CVE-2021-41277](https://github.com/Vulnmachines/Metabase_CVE-2021-41277) -- [Chen-ling-afk/CVE-2021-41277](https://github.com/Chen-ling-afk/CVE-2021-41277) -### CVE-2021-41338 (2021-10-12) +### CVE-2021-41313 (2021-10-31) -Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability +Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. -- [Mario-Kart-Felix/firewall-cve](https://github.com/Mario-Kart-Felix/firewall-cve) +- [Live-Hack-CVE/CVE-2021-41313](https://github.com/Live-Hack-CVE/CVE-2021-41313) ### CVE-2021-41349 (2021-11-09) @@ -16730,6 +17277,14 @@ Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE- - [0xrobiul/CVE-2021-41349](https://github.com/0xrobiul/CVE-2021-41349) +### CVE-2021-41381 (2021-09-23) + + +Payara Micro Community 5.2021.6 and below allows Directory Traversal. + + +- [Live-Hack-CVE/CVE-2021-41381](https://github.com/Live-Hack-CVE/CVE-2021-41381) + ### CVE-2021-41556 (2022-07-28) @@ -16752,16 +17307,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - [noflowpls/CVE-2021-41773](https://github.com/noflowpls/CVE-2021-41773) - [LudovicPatho/CVE-2021-41773](https://github.com/LudovicPatho/CVE-2021-41773) - [walnutsecurity/cve-2021-41773](https://github.com/walnutsecurity/cve-2021-41773) -- [skentagon/CVE-2021-41773](https://github.com/skentagon/CVE-2021-41773) -- [mauricelambert/CVE-2021-41773](https://github.com/mauricelambert/CVE-2021-41773) -- [the29a/CVE-2021-41773](https://github.com/the29a/CVE-2021-41773) -- [thehackersbrain/CVE-2021-41773](https://github.com/thehackersbrain/CVE-2021-41773) -- [honypot/CVE-2021-41773](https://github.com/honypot/CVE-2021-41773) -- [Fa1c0n35/CVE-2021-41773](https://github.com/Fa1c0n35/CVE-2021-41773) -- [Evil-d0Zz/CVE-2021-41773-](https://github.com/Evil-d0Zz/CVE-2021-41773-) -- [puckiestyle/CVE-2021-41773](https://github.com/puckiestyle/CVE-2021-41773) - [n3utr1n00/CVE-2021-41773](https://github.com/n3utr1n00/CVE-2021-41773) -- [DoTuan1/Reserch-CVE-2021-41773](https://github.com/DoTuan1/Reserch-CVE-2021-41773) - [bernardas/netsec-polygon](https://github.com/bernardas/netsec-polygon) - [CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit](https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit) - [vuongnv3389-sec/cve-2021-41773](https://github.com/vuongnv3389-sec/cve-2021-41773) @@ -16829,9 +17375,6 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - [Vulnmachines/cve-2021-42013](https://github.com/Vulnmachines/cve-2021-42013) - [walnutsecurity/cve-2021-42013](https://github.com/walnutsecurity/cve-2021-42013) - [jas9reet/CVE-2021-42013-LAB](https://github.com/jas9reet/CVE-2021-42013-LAB) -- [tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway](https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway) -- [mauricelambert/CVE-2021-42013](https://github.com/mauricelambert/CVE-2021-42013) -- [honypot/CVE-2021-42013](https://github.com/honypot/CVE-2021-42013) - [Adashz/CVE-2021-42013](https://github.com/Adashz/CVE-2021-42013) - [viliuspovilaika/cve-2021-42013](https://github.com/viliuspovilaika/cve-2021-42013) - [theykillmeslowly/CVE-2021-42013](https://github.com/theykillmeslowly/CVE-2021-42013) @@ -16848,14 +17391,6 @@ Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 - [z00z00z00/Safenet_SAC_CVE-2021-42056](https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056) -### CVE-2021-42171 (2022-03-14) - - -Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. - - -- [minhnq22/CVE-2021-42171](https://github.com/minhnq22/CVE-2021-42171) - ### CVE-2021-42183 (2022-05-05) @@ -16872,6 +17407,14 @@ Konga v0.14.9 is affected by an incorrect access control vulnerability where a s - [Live-Hack-CVE/CVE-2021-42192](https://github.com/Live-Hack-CVE/CVE-2021-42192) +### CVE-2021-42205 (2022-11-07) + + +ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. + + +- [Live-Hack-CVE/CVE-2021-42205](https://github.com/Live-Hack-CVE/CVE-2021-42205) + ### CVE-2021-42230 (2022-04-15) @@ -16904,7 +17447,6 @@ Active Directory Domain Services Elevation of Privilege Vulnerability This CVE I Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291. -- [XiaoliChan/Invoke-sAMSpoofing](https://github.com/XiaoliChan/Invoke-sAMSpoofing) - [TryA9ain/noPac](https://github.com/TryA9ain/noPac) ### CVE-2021-42321 (2021-11-09) @@ -16964,62 +17506,6 @@ XML External Entity (XXE) vulnerability in the file based service provider creat - [Live-Hack-CVE/CVE-2021-42646](https://github.com/Live-Hack-CVE/CVE-2021-42646) -### CVE-2021-42662 (2021-11-05) - - -A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. - - -- [0xDeku/CVE-2021-42662](https://github.com/0xDeku/CVE-2021-42662) - -### CVE-2021-42663 (2021-11-05) - - -An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice. - - -- [0xDeku/CVE-2021-42663](https://github.com/0xDeku/CVE-2021-42663) - -### CVE-2021-42664 (2021-11-05) - - -A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. - - -- [0xDeku/CVE-2021-42664](https://github.com/0xDeku/CVE-2021-42664) - -### CVE-2021-42665 (2021-11-05) - - -An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. - - -- [0xDeku/CVE-2021-42665](https://github.com/0xDeku/CVE-2021-42665) - -### CVE-2021-42666 (2021-11-05) - - -A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. - - -- [0xDeku/CVE-2021-42666](https://github.com/0xDeku/CVE-2021-42666) - -### CVE-2021-42667 (2021-11-05) - - -A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server. - - -- [0xDeku/CVE-2021-42667](https://github.com/0xDeku/CVE-2021-42667) - -### CVE-2021-42668 (2021-11-05) - - -A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server. - - -- [0xDeku/CVE-2021-42668](https://github.com/0xDeku/CVE-2021-42668) - ### CVE-2021-42669 (2021-11-05) @@ -17028,22 +17514,6 @@ A file upload vulnerability exists in Sourcecodester Engineers Online Portal in - [0xDeku/CVE-2021-42669](https://github.com/0xDeku/CVE-2021-42669) -### CVE-2021-42670 (2021-11-05) - - -A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. - - -- [0xDeku/CVE-2021-42670](https://github.com/0xDeku/CVE-2021-42670) - -### CVE-2021-42671 (2021-11-05) - - -An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization. - - -- [0xDeku/CVE-2021-42671](https://github.com/0xDeku/CVE-2021-42671) - ### CVE-2021-42694 (2021-10-31) @@ -17205,6 +17675,46 @@ An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continu - [Wrin9/CVE-2021-43287](https://github.com/Wrin9/CVE-2021-43287) +### CVE-2021-43299 (2022-02-16) + + +Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. + + +- [Live-Hack-CVE/CVE-2021-43299](https://github.com/Live-Hack-CVE/CVE-2021-43299) + +### CVE-2021-43300 (2022-02-16) + + +Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. + + +- [Live-Hack-CVE/CVE-2021-43300](https://github.com/Live-Hack-CVE/CVE-2021-43300) + +### CVE-2021-43301 (2022-02-16) + + +Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. + + +- [Live-Hack-CVE/CVE-2021-43301](https://github.com/Live-Hack-CVE/CVE-2021-43301) + +### CVE-2021-43302 (2022-02-16) + + +Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. + + +- [Live-Hack-CVE/CVE-2021-43302](https://github.com/Live-Hack-CVE/CVE-2021-43302) + +### CVE-2021-43303 (2022-02-16) + + +Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied + + +- [Live-Hack-CVE/CVE-2021-43303](https://github.com/Live-Hack-CVE/CVE-2021-43303) + ### CVE-2021-43304 (2022-03-14) @@ -17399,13 +17909,19 @@ A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mb Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. -- [k3rwin/CVE-2021-43798-Grafana](https://github.com/k3rwin/CVE-2021-43798-Grafana) - [Jroo1053/GrafanaDirInclusion](https://github.com/Jroo1053/GrafanaDirInclusion) -- [yasin-cs-ko-ak/grafana-cve-2021-43798](https://github.com/yasin-cs-ko-ak/grafana-cve-2021-43798) - [hupe1980/CVE-2021-43798](https://github.com/hupe1980/CVE-2021-43798) - [trhacknon/exploit-grafana-CVE-2021-43798](https://github.com/trhacknon/exploit-grafana-CVE-2021-43798) - [YourKeeper/SunScope](https://github.com/YourKeeper/SunScope) +### CVE-2021-43804 (2021-12-22) + + +PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds. + + +- [Live-Hack-CVE/CVE-2021-43804](https://github.com/Live-Hack-CVE/CVE-2021-43804) + ### CVE-2021-43811 (2021-12-08) @@ -17422,6 +17938,14 @@ lxml is a library for processing XML and HTML in the Python language. Prior to v - [Live-Hack-CVE/CVE-2021-43818](https://github.com/Live-Hack-CVE/CVE-2021-43818) +### CVE-2021-43845 (2021-12-27) + + +PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. + + +- [Live-Hack-CVE/CVE-2021-43845](https://github.com/Live-Hack-CVE/CVE-2021-43845) + ### CVE-2021-43857 (2021-12-27) @@ -17446,13 +17970,21 @@ Visual Studio Code Spoofing Vulnerability - [Sudistark/vscode-rce-electrovolt](https://github.com/Sudistark/vscode-rce-electrovolt) -### CVE-2021-43936 (2021-12-06) +### CVE-2021-43946 (2022-01-04) -The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. +Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. -- [LongWayHomie/CVE-2021-43936](https://github.com/LongWayHomie/CVE-2021-43936) +- [Live-Hack-CVE/CVE-2021-43946](https://github.com/Live-Hack-CVE/CVE-2021-43946) + +### CVE-2021-43980 (2022-09-28) + + +The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. + + +- [Live-Hack-CVE/CVE-2021-43980](https://github.com/Live-Hack-CVE/CVE-2021-43980) ### CVE-2021-44103 - [paulotrindadec/CVE-2021-44103](https://github.com/paulotrindadec/CVE-2021-44103) @@ -17471,8 +18003,6 @@ A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fu The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. -- [hrsman/Samba-CVE-2021-44142](https://github.com/hrsman/Samba-CVE-2021-44142) -- [horizon3ai/CVE-2021-44142](https://github.com/horizon3ai/CVE-2021-44142) - [gudyrmik/CVE-2021-44142](https://github.com/gudyrmik/CVE-2021-44142) ### CVE-2021-44227 (2021-12-01) @@ -17497,7 +18027,6 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - [f0ng/log4j2burpscanner](https://github.com/f0ng/log4j2burpscanner) - [logpresso/CVE-2021-44228-Scanner](https://github.com/logpresso/CVE-2021-44228-Scanner) - [b-abderrahmane/CVE-2021-44228-playground](https://github.com/b-abderrahmane/CVE-2021-44228-playground) -- [mergebase/log4j-detector](https://github.com/mergebase/log4j-detector) - [corretto/hotpatch-for-apache-log4j2](https://github.com/corretto/hotpatch-for-apache-log4j2) - [cyberxml/log4j-poc](https://github.com/cyberxml/log4j-poc) - [fullhunt/log4j-scan](https://github.com/fullhunt/log4j-scan) @@ -17506,36 +18035,20 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - [irgoncalves/f5-waf-quick-patch-cve-2021-44228](https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228) - [alexbakker/log4shell-tools](https://github.com/alexbakker/log4shell-tools) - [0xInfection/LogMePwn](https://github.com/0xInfection/LogMePwn) -- [CERTCC/CVE-2021-44228_scanner](https://github.com/CERTCC/CVE-2021-44228_scanner) - [isuruwa/Log4j](https://github.com/isuruwa/Log4j) - [aws-samples/kubernetes-log4j-cve-2021-44228-node-agent](https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent) - [thomaspatzke/Log4Pot](https://github.com/thomaspatzke/Log4Pot) - [Joefreedy/Log4j-Windows-Scanner](https://github.com/Joefreedy/Log4j-Windows-Scanner) -- [andalik/log4j-filescan](https://github.com/andalik/log4j-filescan) - [Kr0ff/CVE-2021-44228](https://github.com/Kr0ff/CVE-2021-44228) - [nu11secur1ty/CVE-2021-44228-VULN-APP](https://github.com/nu11secur1ty/CVE-2021-44228-VULN-APP) -- [DANSI/PowerShell-Log4J-Scanner](https://github.com/DANSI/PowerShell-Log4J-Scanner) - [intel-xeon/CVE-2021-44228---detection-with-PowerShell](https://github.com/intel-xeon/CVE-2021-44228---detection-with-PowerShell) -- [erickrr-bd/TekiumLog4jApp](https://github.com/erickrr-bd/TekiumLog4jApp) -- [BabooPan/Log4Shell-CVE-2021-44228-Demo](https://github.com/BabooPan/Log4Shell-CVE-2021-44228-Demo) - [puzzlepeaches/Log4jUnifi](https://github.com/puzzlepeaches/Log4jUnifi) - [marcourbano/CVE-2021-44228](https://github.com/marcourbano/CVE-2021-44228) -- [bsigouin/log4shell-vulnerable-app](https://github.com/bsigouin/log4shell-vulnerable-app) -- [felipe8398/ModSec-log4j2](https://github.com/felipe8398/ModSec-log4j2) - [mazhar-hassan/log4j-vulnerability](https://github.com/mazhar-hassan/log4j-vulnerability) -- [s-retlaw/l4s_poc](https://github.com/s-retlaw/l4s_poc) - [alexpena5635/CVE-2021-44228_scanner-main-Modified-](https://github.com/alexpena5635/CVE-2021-44228_scanner-main-Modified-) - [Vulnmachines/log4jshell_CVE-2021-44228](https://github.com/Vulnmachines/log4jshell_CVE-2021-44228) -- [mr-vill4in/log4j-fuzzer](https://github.com/mr-vill4in/log4j-fuzzer) -- [aajuvonen/log4stdin](https://github.com/aajuvonen/log4stdin) - [hotpotcookie/log4shell-white-box](https://github.com/hotpotcookie/log4shell-white-box) - [s-retlaw/l4srs](https://github.com/s-retlaw/l4srs) -- [Ananya-0306/Log-4j-scanner](https://github.com/Ananya-0306/Log-4j-scanner) -- [paulvkitor/log4shellwithlog4j2_13_3](https://github.com/paulvkitor/log4shellwithlog4j2_13_3) -- [MiguelM001/vulescanjndilookup](https://github.com/MiguelM001/vulescanjndilookup) -- [Jun-5heng/CVE-2021-44228](https://github.com/Jun-5heng/CVE-2021-44228) -- [honypot/CVE-2021-44228](https://github.com/honypot/CVE-2021-44228) -- [honypot/CVE-2021-44228-vuln-app](https://github.com/honypot/CVE-2021-44228-vuln-app) - [manishkanyal/log4j-scanner](https://github.com/manishkanyal/log4j-scanner) - [TPower2112/Writing-Sample-1](https://github.com/TPower2112/Writing-Sample-1) - [Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228](https://github.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228) @@ -17588,7 +18101,6 @@ When running Apache Cassandra with the following configuration: enable_user_defi A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). -- [jkana/CVE-2021-44529](https://github.com/jkana/CVE-2021-44529) - [jax7sec/CVE-2021-44529](https://github.com/jax7sec/CVE-2021-44529) ### CVE-2021-44582 (2022-06-10) @@ -17623,6 +18135,14 @@ A vulnerability has been identified in SIMATIC Drive Controller family (All vers - [Live-Hack-CVE/CVE-2021-44695](https://github.com/Live-Hack-CVE/CVE-2021-44695) +### CVE-2021-44716 (2021-12-31) + + +net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. + + +- [Live-Hack-CVE/CVE-2021-44716](https://github.com/Live-Hack-CVE/CVE-2021-44716) + ### CVE-2021-44731 (2022-02-17) @@ -17663,14 +18183,6 @@ A broken access control vulnerability in the SubNet_handler_func function of spx - [Live-Hack-CVE/CVE-2021-44776](https://github.com/Live-Hack-CVE/CVE-2021-44776) -### CVE-2021-44827 (2022-03-04) - - -There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. - - -- [full-disclosure/CVE-2021-44827](https://github.com/full-disclosure/CVE-2021-44827) - ### CVE-2021-44852 (2022-01-01) @@ -17703,29 +18215,12 @@ An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1. - [Live-Hack-CVE/CVE-2021-44856](https://github.com/Live-Hack-CVE/CVE-2021-44856) -### CVE-2021-45007 (2022-02-20) - - -** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. - - -- [AS4mir/CVE-2021-45007](https://github.com/AS4mir/CVE-2021-45007) - -### CVE-2021-45008 (2022-02-21) - - -** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. - - -- [AS4mir/CVE-2021-45008](https://github.com/AS4mir/CVE-2021-45008) - ### CVE-2021-45010 (2022-03-15) A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. -- [febinrev/CVE-2021-45010-TinyFileManager-Exploit](https://github.com/febinrev/CVE-2021-45010-TinyFileManager-Exploit) - [BKreisel/CVE-2021-45010](https://github.com/BKreisel/CVE-2021-45010) ### CVE-2021-45036 (2022-11-28) @@ -17808,6 +18303,14 @@ In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_co - [Satheesh575555/linux-4.19.72_CVE-2021-45485](https://github.com/Satheesh575555/linux-4.19.72_CVE-2021-45485) +### CVE-2021-45848 (2022-03-15) + + +Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. + + +- [Live-Hack-CVE/CVE-2021-45848](https://github.com/Live-Hack-CVE/CVE-2021-45848) + ### CVE-2021-45901 (2022-02-10) @@ -17897,14 +18400,6 @@ File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attacker - [Live-Hack-CVE/CVE-2021-46386](https://github.com/Live-Hack-CVE/CVE-2021-46386) -### CVE-2021-46398 (2022-02-04) - - -A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. - - -- [febinrev/CVE-2021-46398_Chamilo-LMS-RCE](https://github.com/febinrev/CVE-2021-46398_Chamilo-LMS-RCE) - ### CVE-2021-46417 (2022-04-07) @@ -17957,6 +18452,14 @@ In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors - [Live-Hack-CVE/CVE-2021-46828](https://github.com/Live-Hack-CVE/CVE-2021-46828) +### CVE-2021-46837 (2022-08-30) + + +res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. + + +- [Live-Hack-CVE/CVE-2021-46837](https://github.com/Live-Hack-CVE/CVE-2021-46837) + ### CVE-2021-46846 (2022-11-03) @@ -17973,6 +18476,22 @@ GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affe - [Live-Hack-CVE/CVE-2021-46848](https://github.com/Live-Hack-CVE/CVE-2021-46848) +### CVE-2021-46851 (2022-11-09) + + +The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. + + +- [Live-Hack-CVE/CVE-2021-46851](https://github.com/Live-Hack-CVE/CVE-2021-46851) + +### CVE-2021-46852 (2022-11-09) + + +The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. + + +- [Live-Hack-CVE/CVE-2021-46852](https://github.com/Live-Hack-CVE/CVE-2021-46852) + ### CVE-2021-46853 (2022-11-03) @@ -18017,7 +18536,6 @@ In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bou - [leommxj/cve-2020-0022](https://github.com/leommxj/cve-2020-0022) - [k3vinlusec/Bluefrag_CVE-2020-0022](https://github.com/k3vinlusec/Bluefrag_CVE-2020-0022) - [Polo35/CVE-2020-0022](https://github.com/Polo35/CVE-2020-0022) -- [5k1l/cve-2020-0022](https://github.com/5k1l/cve-2020-0022) - [lsw29475/CVE-2020-0022](https://github.com/lsw29475/CVE-2020-0022) - [devdanqtuan/poc-for-cve-2020-0022](https://github.com/devdanqtuan/poc-for-cve-2020-0022) @@ -18060,14 +18578,6 @@ In startActivities of ActivityStartController.java, there is a possible escalati - [liuyun201990/StrandHogg2](https://github.com/liuyun201990/StrandHogg2) - [tea9/CVE-2020-0096-StrandHogg2](https://github.com/tea9/CVE-2020-0096-StrandHogg2) -### CVE-2020-0113 (2020-06-10) - - -In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913 - - -- [XDo0/ServiceCheater](https://github.com/XDo0/ServiceCheater) - ### CVE-2020-0121 (2020-06-10) @@ -18593,8 +19103,6 @@ An elevation of privilege vulnerability exists when the Windows Background Intel - [cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION](https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION) -- [MasterSploit/CVE-2020-0787](https://github.com/MasterSploit/CVE-2020-0787) -- [MasterSploit/CVE-2020-0787-BitsArbitraryFileMove-master](https://github.com/MasterSploit/CVE-2020-0787-BitsArbitraryFileMove-master) - [yanghaoi/CVE-2020-0787](https://github.com/yanghaoi/CVE-2020-0787) ### CVE-2020-0796 (2020-03-12) @@ -18662,7 +19170,6 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - [1060275195/SMBGhost](https://github.com/1060275195/SMBGhost) - [Almorabea/SMBGhost-LPE-Metasploit-Module](https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module) - [datntsec/CVE-2020-0796](https://github.com/datntsec/CVE-2020-0796) -- [MasterSploit/LPE---CVE-2020-0796](https://github.com/MasterSploit/LPE---CVE-2020-0796) - [ORCA666/CVE-2020-0796](https://github.com/ORCA666/CVE-2020-0796) - [1stPeak/CVE-2020-0796-Scanner](https://github.com/1stPeak/CVE-2020-0796-Scanner) - [Anonimo501/SMBGhost_CVE-2020-0796_checker](https://github.com/Anonimo501/SMBGhost_CVE-2020-0796_checker) @@ -18874,8 +19381,6 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - [Fa1c0n35/CVE-2020-1472-02-](https://github.com/Fa1c0n35/CVE-2020-1472-02-) - [CPO-EH/CVE-2020-1472_ZeroLogonChecker](https://github.com/CPO-EH/CVE-2020-1472_ZeroLogonChecker) - [puckiestyle/CVE-2020-1472](https://github.com/puckiestyle/CVE-2020-1472) -- [JayP232/The_big_Zero](https://github.com/JayP232/The_big_Zero) -- [SaharAttackit/CVE-2020-1472](https://github.com/SaharAttackit/CVE-2020-1472) - [wrathfulDiety/zerologon](https://github.com/wrathfulDiety/zerologon) - [YossiSassi/ZeroLogon-Exploitation-Check](https://github.com/YossiSassi/ZeroLogon-Exploitation-Check) - [sho-luv/zerologon](https://github.com/sho-luv/zerologon) @@ -18924,6 +19429,30 @@ A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an a - [Ibonok/CVE-2020-1611](https://github.com/Ibonok/CVE-2020-1611) +### CVE-2020-1706 (2020-03-09) + + +It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. + + +- [Live-Hack-CVE/CVE-2020-1706](https://github.com/Live-Hack-CVE/CVE-2020-1706) + +### CVE-2020-1707 (2020-03-20) + + +A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. + + +- [Live-Hack-CVE/CVE-2020-1707](https://github.com/Live-Hack-CVE/CVE-2020-1707) + +### CVE-2020-1709 (2020-03-20) + + +A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. + + +- [Live-Hack-CVE/CVE-2020-1709](https://github.com/Live-Hack-CVE/CVE-2020-1709) + ### CVE-2020-1712 (2020-03-31) @@ -18932,6 +19461,22 @@ A heap use-after-free vulnerability was found in systemd before version v245-rc1 - [Live-Hack-CVE/CVE-2020-1712](https://github.com/Live-Hack-CVE/CVE-2020-1712) +### CVE-2020-1730 (2020-04-13) + + +A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. + + +- [Live-Hack-CVE/CVE-2020-1730](https://github.com/Live-Hack-CVE/CVE-2020-1730) + +### CVE-2020-1744 (2020-03-24) + + +A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events. + + +- [Live-Hack-CVE/CVE-2020-1744](https://github.com/Live-Hack-CVE/CVE-2020-1744) + ### CVE-2020-1937 (2020-02-24) @@ -19028,13 +19573,13 @@ The Raccoon attack exploits a flaw in the TLS specification which can lead to an - [Live-Hack-CVE/CVE-2020-1968](https://github.com/Live-Hack-CVE/CVE-2020-1968) -### CVE-2020-1971 (2020-12-08) +### CVE-2020-2026 (2020-06-10) -The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). +A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions. -- [MBHudson/CVE-2020-1971](https://github.com/MBHudson/CVE-2020-1971) +- [Live-Hack-CVE/CVE-2020-2026](https://github.com/Live-Hack-CVE/CVE-2020-2026) ### CVE-2020-2038 (2020-09-09) @@ -19044,6 +19589,14 @@ An OS Command Injection vulnerability in the PAN-OS management interface that al - [und3sc0n0c1d0/CVE-2020-2038](https://github.com/und3sc0n0c1d0/CVE-2020-2038) +### CVE-2020-2091 (2020-01-15) + + +A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. + + +- [Live-Hack-CVE/CVE-2020-2091](https://github.com/Live-Hack-CVE/CVE-2020-2091) + ### CVE-2020-2333 - [section-c/CVE-2020-2333](https://github.com/section-c/CVE-2020-2333) @@ -19148,7 +19701,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [Y4er/CVE-2020-2883](https://github.com/Y4er/CVE-2020-2883) - [MagicZer0/Weblogic_CVE-2020-2883_POC](https://github.com/MagicZer0/Weblogic_CVE-2020-2883_POC) - [ZZZWD/CVE-2020-2883](https://github.com/ZZZWD/CVE-2020-2883) -- [Al1ex/CVE-2020-2883](https://github.com/Al1ex/CVE-2020-2883) - [Qynklee/POC_CVE-2020-2883](https://github.com/Qynklee/POC_CVE-2020-2883) ### CVE-2020-2950 (2020-04-15) @@ -19217,7 +19769,6 @@ A vulnerability in the web services interface of Cisco Adaptive Security Applian - [paran0id34/CVE-2020-3452](https://github.com/paran0id34/CVE-2020-3452) -- [cygenta/CVE-2020-3452](https://github.com/cygenta/CVE-2020-3452) - [darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter) - [fuzzlove/Cisco-ASA-FTD-Web-Services-Traversal](https://github.com/fuzzlove/Cisco-ASA-FTD-Web-Services-Traversal) - [faisalfs10x/Cisco-CVE-2020-3452-shodan-scanner](https://github.com/faisalfs10x/Cisco-CVE-2020-3452-shodan-scanner) @@ -19287,7 +19838,6 @@ VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x be OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. -- [HynekPetrak/CVE-2019-5544_CVE-2020-3992](https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992) - [dgh05t/VMware_ESXI_OpenSLP_PoCs](https://github.com/dgh05t/VMware_ESXI_OpenSLP_PoCs) ### CVE-2020-4276 (2020-03-26) @@ -19502,6 +20052,14 @@ In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, - [Live-Hack-CVE/CVE-2020-5913](https://github.com/Live-Hack-CVE/CVE-2020-5913) +### CVE-2020-6020 (2020-09-24) + + +Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. + + +- [Live-Hack-CVE/CVE-2020-6020](https://github.com/Live-Hack-CVE/CVE-2020-6020) + ### CVE-2020-6096 (2020-04-01) @@ -19533,7 +20091,6 @@ SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410 - [InitRoot/CVE-2020-6308-PoC](https://github.com/InitRoot/CVE-2020-6308-PoC) -- [freeFV/CVE-2020-6308-mass-exploiter](https://github.com/freeFV/CVE-2020-6308-mass-exploiter) - [TheMMMdev/CVE-2020-6308](https://github.com/TheMMMdev/CVE-2020-6308) ### CVE-2020-6364 (2020-10-14) @@ -19571,6 +20128,22 @@ Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote at - [CENSUS/whatsapp-mitd-mitm](https://github.com/CENSUS/whatsapp-mitd-mitm) +### CVE-2020-6624 (2020-01-08) + + +jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. + + +- [Live-Hack-CVE/CVE-2020-6624](https://github.com/Live-Hack-CVE/CVE-2020-6624) + +### CVE-2020-6625 (2020-01-08) + + +jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. + + +- [Live-Hack-CVE/CVE-2020-6625](https://github.com/Live-Hack-CVE/CVE-2020-6625) + ### CVE-2020-6627 (2022-12-06) @@ -19598,6 +20171,14 @@ A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano a ### CVE-2020-6888 - [section-c/CVE-2020-6888](https://github.com/section-c/CVE-2020-6888) +### CVE-2020-7016 (2020-07-27) + + +Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. + + +- [Live-Hack-CVE/CVE-2020-7016](https://github.com/Live-Hack-CVE/CVE-2020-7016) + ### CVE-2020-7048 (2020-01-16) @@ -19630,6 +20211,7 @@ A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An a - [arafatansari/SecAssignment](https://github.com/arafatansari/SecAssignment) - [pswalia2u/CVE-2020-7246](https://github.com/pswalia2u/CVE-2020-7246) +- [Live-Hack-CVE/CVE-2020-7246](https://github.com/Live-Hack-CVE/CVE-2020-7246) ### CVE-2020-7247 (2020-01-29) @@ -19740,6 +20322,14 @@ querymen prior to 2.1.4 allows modification of object properties. The parameters - [Live-Hack-CVE/CVE-2020-7600](https://github.com/Live-Hack-CVE/CVE-2020-7600) +### CVE-2020-7608 (2020-03-16) + + +yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. + + +- [Live-Hack-CVE/CVE-2020-7608](https://github.com/Live-Hack-CVE/CVE-2020-7608) + ### CVE-2020-7616 (2020-04-07) @@ -20013,6 +20603,14 @@ All versions of package gedi are vulnerable to Prototype Pollution via the set f - [Live-Hack-CVE/CVE-2020-7727](https://github.com/Live-Hack-CVE/CVE-2020-7727) +### CVE-2020-7729 (2020-09-03) + + +The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. + + +- [Live-Hack-CVE/CVE-2020-7729](https://github.com/Live-Hack-CVE/CVE-2020-7729) + ### CVE-2020-7736 (2020-10-02) @@ -20129,7 +20727,6 @@ Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows - [wcxxxxx/CVE-2020-7961](https://github.com/wcxxxxx/CVE-2020-7961) - [thelostworldFree/CVE-2020-7961-payloads](https://github.com/thelostworldFree/CVE-2020-7961-payloads) - [shacojx/LifeRCEJsonWSTool-POC-CVE-2020-7961-Gui](https://github.com/shacojx/LifeRCEJsonWSTool-POC-CVE-2020-7961-Gui) -- [shacojx/POC-CVE-2020-7961-Token-iterate](https://github.com/shacojx/POC-CVE-2020-7961-Token-iterate) - [Udyz/CVE-2020-7961-Mass](https://github.com/Udyz/CVE-2020-7961-Mass) - [ShutdownRepo/CVE-2020-7961](https://github.com/ShutdownRepo/CVE-2020-7961) - [pashayogi/CVE-2020-7961-Mass](https://github.com/pashayogi/CVE-2020-7961-Mass) @@ -20142,6 +20739,30 @@ Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS command - [Xh4H/Satellian-CVE-2020-7980](https://github.com/Xh4H/Satellian-CVE-2020-7980) +### CVE-2020-7994 (2020-01-26) + + +Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. + + +- [Live-Hack-CVE/CVE-2020-7994](https://github.com/Live-Hack-CVE/CVE-2020-7994) + +### CVE-2020-7995 (2020-01-26) + + +The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. + + +- [Live-Hack-CVE/CVE-2020-7995](https://github.com/Live-Hack-CVE/CVE-2020-7995) + +### CVE-2020-7996 (2020-01-26) + + +htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. + + +- [Live-Hack-CVE/CVE-2020-7996](https://github.com/Live-Hack-CVE/CVE-2020-7996) + ### CVE-2020-8002 (2020-01-26) @@ -20238,14 +20859,6 @@ Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker t - [knokbak/get-pixels-updated](https://github.com/knokbak/get-pixels-updated) - [knokbak/save-pixels-updated](https://github.com/knokbak/save-pixels-updated) -### CVE-2020-8209 (2020-08-17) - - -Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. - - -- [B1anda0/CVE-2020-8209](https://github.com/B1anda0/CVE-2020-8209) - ### CVE-2020-8218 (2020-07-30) @@ -20276,7 +20889,6 @@ A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface cou A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. -- [masahiro331/CVE-2020-8277](https://github.com/masahiro331/CVE-2020-8277) - [AndrewIjano/CVE-2020-8277](https://github.com/AndrewIjano/CVE-2020-8277) ### CVE-2020-8284 (2020-12-14) @@ -20359,10 +20971,17 @@ Kubernetes API server in all versions allow an attacker who is able to create a - [rancher/externalip-webhook](https://github.com/rancher/externalip-webhook) - [jrmurray000/CVE-2020-8554](https://github.com/jrmurray000/CVE-2020-8554) -- [twistlock/k8s-cve-2020-8554-mitigations](https://github.com/twistlock/k8s-cve-2020-8554-mitigations) - [Dviejopomata/CVE-2020-8554](https://github.com/Dviejopomata/CVE-2020-8554) - [alebedev87/gatekeeper-cve-2020-8554](https://github.com/alebedev87/gatekeeper-cve-2020-8554) +### CVE-2020-8555 (2020-06-04) + + +The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). + + +- [Live-Hack-CVE/CVE-2020-8555](https://github.com/Live-Hack-CVE/CVE-2020-8555) + ### CVE-2020-8597 (2020-02-03) @@ -20501,6 +21120,14 @@ Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v - [kyletimmermans/blackboard-xss](https://github.com/kyletimmermans/blackboard-xss) +### CVE-2020-9016 (2020-02-16) + + +Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. + + +- [Live-Hack-CVE/CVE-2020-9016](https://github.com/Live-Hack-CVE/CVE-2020-9016) + ### CVE-2020-9038 (2020-02-17) @@ -20714,6 +21341,14 @@ A resource exhaustion issue was addressed with improved input validation. This i - [Live-Hack-CVE/CVE-2020-10005](https://github.com/Live-Hack-CVE/CVE-2020-10005) +### CVE-2020-10029 (2020-03-04) + + +The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. + + +- [Live-Hack-CVE/CVE-2020-10029](https://github.com/Live-Hack-CVE/CVE-2020-10029) + ### CVE-2020-10135 (2020-05-19) @@ -20843,6 +21478,14 @@ FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee - [harry1080/CVE-2020-10673](https://github.com/harry1080/CVE-2020-10673) - [Al1ex/CVE-2020-10673](https://github.com/Al1ex/CVE-2020-10673) +### CVE-2020-10684 (2020-03-24) + + +A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. + + +- [Live-Hack-CVE/CVE-2020-10684](https://github.com/Live-Hack-CVE/CVE-2020-10684) + ### CVE-2020-10685 (2020-05-11) @@ -20851,6 +21494,14 @@ A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x befor - [Live-Hack-CVE/CVE-2020-10685](https://github.com/Live-Hack-CVE/CVE-2020-10685) +### CVE-2020-10699 (2020-04-15) + + +A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. + + +- [Live-Hack-CVE/CVE-2020-10699](https://github.com/Live-Hack-CVE/CVE-2020-10699) + ### CVE-2020-10704 (2020-05-06) @@ -20867,6 +21518,46 @@ A flaw was found where the Plaintext Candlepin password is disclosed while updat - [Live-Hack-CVE/CVE-2020-10710](https://github.com/Live-Hack-CVE/CVE-2020-10710) +### CVE-2020-10713 (2020-07-30) + + +A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + +- [Live-Hack-CVE/CVE-2020-10713](https://github.com/Live-Hack-CVE/CVE-2020-10713) + +### CVE-2020-10714 (2020-09-23) + + +A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + +- [Live-Hack-CVE/CVE-2020-10714](https://github.com/Live-Hack-CVE/CVE-2020-10714) + +### CVE-2020-10717 (2020-05-04) + + +A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. + + +- [Live-Hack-CVE/CVE-2020-10717](https://github.com/Live-Hack-CVE/CVE-2020-10717) + +### CVE-2020-10732 (2020-06-12) + + +A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. + + +- [Live-Hack-CVE/CVE-2020-10732](https://github.com/Live-Hack-CVE/CVE-2020-10732) + +### CVE-2020-10735 (2022-09-09) + + +A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. + + +- [Live-Hack-CVE/CVE-2020-10735](https://github.com/Live-Hack-CVE/CVE-2020-10735) + ### CVE-2020-10737 (2020-05-26) @@ -20899,6 +21590,14 @@ A PGP signature bypass flaw was found in fwupd (all versions), which could lead - [justinsteven/CVE-2020-10759-poc](https://github.com/justinsteven/CVE-2020-10759-poc) +### CVE-2020-10761 (2020-06-09) + + +An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. + + +- [Live-Hack-CVE/CVE-2020-10761](https://github.com/Live-Hack-CVE/CVE-2020-10761) + ### CVE-2020-10770 (2020-12-15) @@ -20906,6 +21605,31 @@ A flaw was found in Keycloak before 13.0.0, where it is possible to force the se - [ColdFusionX/Keycloak-12.0.1-CVE-2020-10770](https://github.com/ColdFusionX/Keycloak-12.0.1-CVE-2020-10770) +- [Live-Hack-CVE/CVE-2020-10770](https://github.com/Live-Hack-CVE/CVE-2020-10770) + +### CVE-2020-10802 (2020-03-21) + + +In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. + + +- [Live-Hack-CVE/CVE-2020-10802](https://github.com/Live-Hack-CVE/CVE-2020-10802) + +### CVE-2020-10803 (2020-03-21) + + +In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. + + +- [Live-Hack-CVE/CVE-2020-10803](https://github.com/Live-Hack-CVE/CVE-2020-10803) + +### CVE-2020-10804 (2020-03-21) + + +In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). + + +- [Live-Hack-CVE/CVE-2020-10804](https://github.com/Live-Hack-CVE/CVE-2020-10804) ### CVE-2020-10915 (2020-04-22) @@ -20923,6 +21647,14 @@ An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. A - [Live-Hack-CVE/CVE-2020-10932](https://github.com/Live-Hack-CVE/CVE-2020-10932) +### CVE-2020-10936 (2020-05-27) + + +Sympa before 6.2.56 allows privilege escalation. + + +- [Live-Hack-CVE/CVE-2020-10936](https://github.com/Live-Hack-CVE/CVE-2020-10936) + ### CVE-2020-10941 (2020-03-24) @@ -20947,7 +21679,6 @@ GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an iss - [KooroshRZ/CVE-2020-10977](https://github.com/KooroshRZ/CVE-2020-10977) - [thewhiteh4t/cve-2020-10977](https://github.com/thewhiteh4t/cve-2020-10977) -- [JustMichi/CVE-2020-10977.py](https://github.com/JustMichi/CVE-2020-10977.py) - [JayHerlth/cve-2020-10977](https://github.com/JayHerlth/cve-2020-10977) - [erk3/gitlab-12.9.0-file-read](https://github.com/erk3/gitlab-12.9.0-file-read) - [liath/CVE-2020-10977](https://github.com/liath/CVE-2020-10977) @@ -21126,7 +21857,6 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2 - [lovelyjuice/cve-2020-11651-exp-plus](https://github.com/lovelyjuice/cve-2020-11651-exp-plus) - [heikanet/CVE-2020-11651-CVE-2020-11652-EXP](https://github.com/heikanet/CVE-2020-11651-CVE-2020-11652-EXP) - [RakhithJK/CVE-2020-11651](https://github.com/RakhithJK/CVE-2020-11651) -- [appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652](https://github.com/appcheck-ng/salt-rce-scanner-CVE-2020-11651-CVE-2020-11652) - [puckiestyle/cve-2020-11651](https://github.com/puckiestyle/cve-2020-11651) ### CVE-2020-11652 (2020-04-30) @@ -21146,6 +21876,54 @@ An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x befor - [Live-Hack-CVE/CVE-2020-11653](https://github.com/Live-Hack-CVE/CVE-2020-11653) +### CVE-2020-11759 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. + + +- [Live-Hack-CVE/CVE-2020-11759](https://github.com/Live-Hack-CVE/CVE-2020-11759) + +### CVE-2020-11760 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. + + +- [Live-Hack-CVE/CVE-2020-11760](https://github.com/Live-Hack-CVE/CVE-2020-11760) + +### CVE-2020-11761 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. + + +- [Live-Hack-CVE/CVE-2020-11761](https://github.com/Live-Hack-CVE/CVE-2020-11761) + +### CVE-2020-11762 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. + + +- [Live-Hack-CVE/CVE-2020-11762](https://github.com/Live-Hack-CVE/CVE-2020-11762) + +### CVE-2020-11763 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. + + +- [Live-Hack-CVE/CVE-2020-11763](https://github.com/Live-Hack-CVE/CVE-2020-11763) + +### CVE-2020-11764 (2020-04-14) + + +An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. + + +- [Live-Hack-CVE/CVE-2020-11764](https://github.com/Live-Hack-CVE/CVE-2020-11764) + ### CVE-2020-11794 - [w4cky/CVE-2020-11794](https://github.com/w4cky/CVE-2020-11794) @@ -21157,6 +21935,22 @@ In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location ins - [danyx07/PoC-RCE-Rukovoditel](https://github.com/danyx07/PoC-RCE-Rukovoditel) +### CVE-2020-11823 (2020-04-16) + + +In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. + + +- [Live-Hack-CVE/CVE-2020-11823](https://github.com/Live-Hack-CVE/CVE-2020-11823) + +### CVE-2020-11825 (2020-04-16) + + +In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. + + +- [Live-Hack-CVE/CVE-2020-11825](https://github.com/Live-Hack-CVE/CVE-2020-11825) + ### CVE-2020-11851 (2020-11-16) @@ -21165,6 +21959,22 @@ Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, a - [ch1nghz/CVE-2020-11851](https://github.com/ch1nghz/CVE-2020-11851) +### CVE-2020-11853 (2020-10-22) + + +Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2020-11853](https://github.com/Live-Hack-CVE/CVE-2020-11853) + +### CVE-2020-11858 (2020-10-27) + + +Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. + + +- [Live-Hack-CVE/CVE-2020-11858](https://github.com/Live-Hack-CVE/CVE-2020-11858) + ### CVE-2020-11881 (2020-09-14) @@ -21215,14 +22025,6 @@ It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS - [Staubgeborener/CVE-2020-11932](https://github.com/Staubgeborener/CVE-2020-11932) - [code-developers/CVE-2020-11932](https://github.com/code-developers/CVE-2020-11932) -### CVE-2020-11975 (2020-06-05) - - -Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. - - -- [1135/unomi_exploit](https://github.com/1135/unomi_exploit) - ### CVE-2020-11978 (2020-07-16) @@ -21296,6 +22098,14 @@ Zoho ManageEngine OpManager Stable build before 124196 and Released build before - [BeetleChunks/CVE-2020-12116](https://github.com/BeetleChunks/CVE-2020-12116) +### CVE-2020-12137 (2020-04-24) + + +GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. + + +- [Live-Hack-CVE/CVE-2020-12137](https://github.com/Live-Hack-CVE/CVE-2020-12137) + ### CVE-2020-12255 (2020-05-18) @@ -21304,6 +22114,14 @@ rConfig 3.9.4 is vulnerable to remote code execution due to improper validation - [vishwaraj101/CVE-2020-12255](https://github.com/vishwaraj101/CVE-2020-12255) +### CVE-2020-12272 (2020-04-27) + + +OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. + + +- [Live-Hack-CVE/CVE-2020-12272](https://github.com/Live-Hack-CVE/CVE-2020-12272) + ### CVE-2020-12351 (2020-11-23) @@ -21321,6 +22139,30 @@ OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null terminat - [Live-Hack-CVE/CVE-2020-12460](https://github.com/Live-Hack-CVE/CVE-2020-12460) +### CVE-2020-12507 (2022-11-15) + + +In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. + + +- [Live-Hack-CVE/CVE-2020-12507](https://github.com/Live-Hack-CVE/CVE-2020-12507) + +### CVE-2020-12508 (2022-11-15) + + +In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. + + +- [Live-Hack-CVE/CVE-2020-12508](https://github.com/Live-Hack-CVE/CVE-2020-12508) + +### CVE-2020-12509 (2022-11-07) + + +In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. + + +- [Live-Hack-CVE/CVE-2020-12509](https://github.com/Live-Hack-CVE/CVE-2020-12509) + ### CVE-2020-12593 (2020-11-18) @@ -21337,6 +22179,14 @@ include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. - [mkelepce/CVE-2020-12629](https://github.com/mkelepce/CVE-2020-12629) +### CVE-2020-12672 (2020-05-05) + + +GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. + + +- [Live-Hack-CVE/CVE-2020-12672](https://github.com/Live-Hack-CVE/CVE-2020-12672) + ### CVE-2020-12688 - [TheCyberGeek/Centreon-20.04](https://github.com/TheCyberGeek/Centreon-20.04) @@ -21390,6 +22240,22 @@ An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, a - [shinyquagsire23/CVE-2020-12753-PoC](https://github.com/shinyquagsire23/CVE-2020-12753-PoC) +### CVE-2020-12762 (2020-05-09) + + +json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. + + +- [Live-Hack-CVE/CVE-2020-12762](https://github.com/Live-Hack-CVE/CVE-2020-12762) + +### CVE-2020-12783 (2020-05-11) + + +Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. + + +- [Live-Hack-CVE/CVE-2020-12783](https://github.com/Live-Hack-CVE/CVE-2020-12783) + ### CVE-2020-12800 (2020-06-08) @@ -21438,6 +22304,30 @@ A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device - [Live-Hack-CVE/CVE-2020-12861](https://github.com/Live-Hack-CVE/CVE-2020-12861) +### CVE-2020-12862 (2020-06-24) + + +An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. + + +- [Live-Hack-CVE/CVE-2020-12862](https://github.com/Live-Hack-CVE/CVE-2020-12862) + +### CVE-2020-12863 (2020-06-24) + + +An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. + + +- [Live-Hack-CVE/CVE-2020-12863](https://github.com/Live-Hack-CVE/CVE-2020-12863) + +### CVE-2020-12865 (2020-06-24) + + +A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. + + +- [Live-Hack-CVE/CVE-2020-12865](https://github.com/Live-Hack-CVE/CVE-2020-12865) + ### CVE-2020-12866 (2020-06-24) @@ -21446,6 +22336,22 @@ A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious dev - [Live-Hack-CVE/CVE-2020-12866](https://github.com/Live-Hack-CVE/CVE-2020-12866) +### CVE-2020-12867 (2020-06-01) + + +A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. + + +- [Live-Hack-CVE/CVE-2020-12867](https://github.com/Live-Hack-CVE/CVE-2020-12867) + +### CVE-2020-12888 (2020-05-15) + + +The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. + + +- [Live-Hack-CVE/CVE-2020-12888](https://github.com/Live-Hack-CVE/CVE-2020-12888) + ### CVE-2020-12928 (2020-10-13) @@ -21494,6 +22400,30 @@ Artica Proxy before 4.30.000000 Community Edition allows OS command injection vi - [InfoSec4Fun/CVE-2020-13159](https://github.com/InfoSec4Fun/CVE-2020-13159) +### CVE-2020-13239 (2020-05-20) + + +The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. + + +- [Live-Hack-CVE/CVE-2020-13239](https://github.com/Live-Hack-CVE/CVE-2020-13239) + +### CVE-2020-13240 (2020-05-20) + + +The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. + + +- [Live-Hack-CVE/CVE-2020-13240](https://github.com/Live-Hack-CVE/CVE-2020-13240) + +### CVE-2020-13249 (2020-05-20) + + +libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. + + +- [Live-Hack-CVE/CVE-2020-13249](https://github.com/Live-Hack-CVE/CVE-2020-13249) + ### CVE-2020-13254 (2020-06-03) @@ -21502,6 +22432,14 @@ An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cas - [danpalmer/django-cve-2020-13254](https://github.com/danpalmer/django-cve-2020-13254) +### CVE-2020-13285 (2020-08-13) + + +For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. + + +- [Live-Hack-CVE/CVE-2020-13285](https://github.com/Live-Hack-CVE/CVE-2020-13285) + ### CVE-2020-13294 (2020-08-10) @@ -21537,6 +22475,22 @@ An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parse - [Live-Hack-CVE/CVE-2020-13498](https://github.com/Live-Hack-CVE/CVE-2020-13498) +### CVE-2020-13614 (2020-05-26) + + +An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. + + +- [Live-Hack-CVE/CVE-2020-13614](https://github.com/Live-Hack-CVE/CVE-2020-13614) + +### CVE-2020-13659 (2020-06-02) + + +address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. + + +- [Live-Hack-CVE/CVE-2020-13659](https://github.com/Live-Hack-CVE/CVE-2020-13659) + ### CVE-2020-13692 (2020-06-04) @@ -21563,6 +22517,14 @@ GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session - [shigeki/challenge_CVE-2020-13777](https://github.com/shigeki/challenge_CVE-2020-13777) - [prprhyt/PoC_TLS1_3_CVE-2020-13777](https://github.com/prprhyt/PoC_TLS1_3_CVE-2020-13777) +### CVE-2020-13828 (2020-08-31) + + +Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. + + +- [Live-Hack-CVE/CVE-2020-13828](https://github.com/Live-Hack-CVE/CVE-2020-13828) + ### CVE-2020-13884 (2020-06-08) @@ -21627,11 +22589,6 @@ Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5. It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem. -- [lp008/CVE-2020-13942](https://github.com/lp008/CVE-2020-13942) -- [eugenebmx/CVE-2020-13942](https://github.com/eugenebmx/CVE-2020-13942) -- [shifa123/CVE-2020-13942-POC-](https://github.com/shifa123/CVE-2020-13942-POC-) -- [blackmarketer/CVE-2020-13942](https://github.com/blackmarketer/CVE-2020-13942) -- [yaunsky/Unomi-CVE-2020-13942](https://github.com/yaunsky/Unomi-CVE-2020-13942) - [hoanx4/apche_unomi_rce](https://github.com/hoanx4/apche_unomi_rce) - [Prodrious/CVE-2020-13942](https://github.com/Prodrious/CVE-2020-13942) @@ -21667,6 +22624,14 @@ Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents - [s-index/CVE-2020-13957](https://github.com/s-index/CVE-2020-13957) +### CVE-2020-14004 (2020-06-12) + + +An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. + + +- [Live-Hack-CVE/CVE-2020-14004](https://github.com/Live-Hack-CVE/CVE-2020-14004) + ### CVE-2020-14043 (2020-08-24) @@ -21775,6 +22740,15 @@ A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL - [0z09e/CVE-2020-14295](https://github.com/0z09e/CVE-2020-14295) - [mrg3ntl3m4n/CVE-2020-14295](https://github.com/mrg3ntl3m4n/CVE-2020-14295) +- [Live-Hack-CVE/CVE-2020-14295](https://github.com/Live-Hack-CVE/CVE-2020-14295) + +### CVE-2020-14307 (2020-07-24) + + +A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. + + +- [Live-Hack-CVE/CVE-2020-14307](https://github.com/Live-Hack-CVE/CVE-2020-14307) ### CVE-2020-14321 (2022-08-16) @@ -21795,6 +22769,30 @@ In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the a - [Live-Hack-CVE/CVE-2020-14322](https://github.com/Live-Hack-CVE/CVE-2020-14322) +### CVE-2020-14330 (2020-09-11) + + +An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. + + +- [Live-Hack-CVE/CVE-2020-14330](https://github.com/Live-Hack-CVE/CVE-2020-14330) + +### CVE-2020-14334 (2020-07-31) + + +A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. + + +- [Live-Hack-CVE/CVE-2020-14334](https://github.com/Live-Hack-CVE/CVE-2020-14334) + +### CVE-2020-14342 (2020-09-09) + + +It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. + + +- [Live-Hack-CVE/CVE-2020-14342](https://github.com/Live-Hack-CVE/CVE-2020-14342) + ### CVE-2020-14343 (2021-02-09) @@ -21813,6 +22811,14 @@ An integer overflow leading to a heap-buffer overflow was found in The X Input M - [Live-Hack-CVE/CVE-2020-14344](https://github.com/Live-Hack-CVE/CVE-2020-14344) +### CVE-2020-14346 (2020-09-15) + + +A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + +- [Live-Hack-CVE/CVE-2020-14346](https://github.com/Live-Hack-CVE/CVE-2020-14346) + ### CVE-2020-14355 (2020-10-07) @@ -21828,6 +22834,7 @@ A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versio - [ShaikUsaf/linux-4.19.72_CVE-2020-14356](https://github.com/ShaikUsaf/linux-4.19.72_CVE-2020-14356) +- [Live-Hack-CVE/CVE-2020-14356](https://github.com/Live-Hack-CVE/CVE-2020-14356) ### CVE-2020-14364 (2020-08-31) @@ -21837,6 +22844,7 @@ An out-of-bounds read/write access flaw was found in the USB emulator of the QEM - [gejian-iscas/CVE-2020-14364](https://github.com/gejian-iscas/CVE-2020-14364) - [y-f00l/CVE-2020-14364](https://github.com/y-f00l/CVE-2020-14364) +- [Live-Hack-CVE/CVE-2020-14364](https://github.com/Live-Hack-CVE/CVE-2020-14364) ### CVE-2020-14367 (2020-08-24) @@ -21878,6 +22886,14 @@ A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file syste - [Live-Hack-CVE/CVE-2020-14385](https://github.com/Live-Hack-CVE/CVE-2020-14385) +### CVE-2020-14389 (2020-11-16) + + +It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. + + +- [Live-Hack-CVE/CVE-2020-14389](https://github.com/Live-Hack-CVE/CVE-2020-14389) + ### CVE-2020-14393 (2020-09-16) @@ -21894,6 +22910,30 @@ An infinite loop flaw was found in the USB xHCI controller emulation of QEMU whi - [Live-Hack-CVE/CVE-2020-14394](https://github.com/Live-Hack-CVE/CVE-2020-14394) +### CVE-2020-14444 (2020-06-18) + + +An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. + + +- [Live-Hack-CVE/CVE-2020-14444](https://github.com/Live-Hack-CVE/CVE-2020-14444) + +### CVE-2020-14445 (2020-06-18) + + +An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. + + +- [Live-Hack-CVE/CVE-2020-14445](https://github.com/Live-Hack-CVE/CVE-2020-14445) + +### CVE-2020-14446 (2020-06-18) + + +An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. + + +- [Live-Hack-CVE/CVE-2020-14446](https://github.com/Live-Hack-CVE/CVE-2020-14446) + ### CVE-2020-14645 (2020-07-15) @@ -21934,10 +22974,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [zhzyker/exphub](https://github.com/zhzyker/exphub) -- [Umarovm/-Patched-McMaster-University-Blind-Command-Injection](https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection) -- [GGyao/CVE-2020-14882_POC](https://github.com/GGyao/CVE-2020-14882_POC) - [GGyao/CVE-2020-14882_ALL](https://github.com/GGyao/CVE-2020-14882_ALL) -- [corelight/CVE-2020-14882-weblogicRCE](https://github.com/corelight/CVE-2020-14882-weblogicRCE) - [adm1in/CodeTest](https://github.com/adm1in/CodeTest) - [pwn3z/CVE-2020-14882-WebLogic](https://github.com/pwn3z/CVE-2020-14882-WebLogic) - [milo2012/CVE-2020-14882](https://github.com/milo2012/CVE-2020-14882) @@ -21964,15 +23001,6 @@ On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to th - [g-rubert/CVE-2020-14965](https://github.com/g-rubert/CVE-2020-14965) -### CVE-2020-15002 (2020-10-23) - - -OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. - - -- [skr0x1c0/Blind-SSRF-CVE-2020-15002](https://github.com/skr0x1c0/Blind-SSRF-CVE-2020-15002) -- [skr0x1c0/SSRF-CVE-2020-15002](https://github.com/skr0x1c0/SSRF-CVE-2020-15002) - ### CVE-2020-15113 (2020-08-05) @@ -21989,6 +23017,14 @@ etcd before versions 3.3.23 and 3.4.10 does not perform any password length vali - [Live-Hack-CVE/CVE-2020-15115](https://github.com/Live-Hack-CVE/CVE-2020-15115) +### CVE-2020-15166 (2020-09-11) + + +In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. + + +- [Live-Hack-CVE/CVE-2020-15166](https://github.com/Live-Hack-CVE/CVE-2020-15166) + ### CVE-2020-15175 (2020-10-07) @@ -22005,6 +23041,14 @@ Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerab - [VottusCode/cve-2020-15227](https://github.com/VottusCode/cve-2020-15227) +### CVE-2020-15229 (2020-10-14) + + +Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that. + + +- [Live-Hack-CVE/CVE-2020-15229](https://github.com/Live-Hack-CVE/CVE-2020-15229) + ### CVE-2020-15257 (2020-11-30) @@ -22021,6 +23065,14 @@ On Windows the Veyon Service before version 4.4.2 contains an unquoted service p - [yaoyao-cool/CVE-2020-15261](https://github.com/yaoyao-cool/CVE-2020-15261) +### CVE-2020-15309 (2020-08-21) + + +An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). + + +- [Live-Hack-CVE/CVE-2020-15309](https://github.com/Live-Hack-CVE/CVE-2020-15309) + ### CVE-2020-15366 (2020-07-15) @@ -22053,6 +23105,22 @@ A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. - [inflixim4be/CVE-2020-15392](https://github.com/inflixim4be/CVE-2020-15392) +### CVE-2020-15395 (2020-06-30) + + +In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). + + +- [Live-Hack-CVE/CVE-2020-15395](https://github.com/Live-Hack-CVE/CVE-2020-15395) + +### CVE-2020-15500 (2020-07-01) + + +An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. + + +- [Live-Hack-CVE/CVE-2020-15500](https://github.com/Live-Hack-CVE/CVE-2020-15500) + ### CVE-2020-15503 (2020-07-02) @@ -22085,6 +23153,30 @@ By observing the stack trace for JavaScript errors in web workers, it was possib - [Live-Hack-CVE/CVE-2020-15652](https://github.com/Live-Hack-CVE/CVE-2020-15652) +### CVE-2020-15676 (2020-10-01) + + +Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + +- [Live-Hack-CVE/CVE-2020-15676](https://github.com/Live-Hack-CVE/CVE-2020-15676) + +### CVE-2020-15677 (2020-10-01) + + +By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + +- [Live-Hack-CVE/CVE-2020-15677](https://github.com/Live-Hack-CVE/CVE-2020-15677) + +### CVE-2020-15678 (2020-10-01) + + +When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + +- [Live-Hack-CVE/CVE-2020-15678](https://github.com/Live-Hack-CVE/CVE-2020-15678) + ### CVE-2020-15679 (2022-12-22) @@ -22101,6 +23193,14 @@ During the plaintext phase of the STARTTLS connection setup, protocol commands c - [Live-Hack-CVE/CVE-2020-15685](https://github.com/Live-Hack-CVE/CVE-2020-15685) +### CVE-2020-15706 (2020-07-29) + + +GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. + + +- [Live-Hack-CVE/CVE-2020-15706](https://github.com/Live-Hack-CVE/CVE-2020-15706) + ### CVE-2020-15778 (2020-07-24) @@ -22125,6 +23225,7 @@ Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka - [francozappa/blur](https://github.com/francozappa/blur) +- [Live-Hack-CVE/CVE-2020-15802](https://github.com/Live-Hack-CVE/CVE-2020-15802) ### CVE-2020-15808 - [manucuf/CVE202015808](https://github.com/manucuf/CVE202015808) @@ -22153,6 +23254,22 @@ In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers - [Live-Hack-CVE/CVE-2020-15901](https://github.com/Live-Hack-CVE/CVE-2020-15901) +### CVE-2020-15902 (2020-07-22) + + +Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. + + +- [Live-Hack-CVE/CVE-2020-15902](https://github.com/Live-Hack-CVE/CVE-2020-15902) + +### CVE-2020-15917 (2020-07-23) + + +common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. + + +- [Live-Hack-CVE/CVE-2020-15917](https://github.com/Live-Hack-CVE/CVE-2020-15917) + ### CVE-2020-15999 (2020-11-02) @@ -22250,12 +23367,8 @@ A remote code execution vulnerability exists when the Windows TCP/IP stack impro A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'. -- [MasterSploit/CVE-2020-16947](https://github.com/MasterSploit/CVE-2020-16947) - [Live-Hack-CVE/CVE-2020-16947](https://github.com/Live-Hack-CVE/CVE-2020-16947) -### CVE-2020-17008 -- [jas502n/CVE-2020-17008](https://github.com/jas502n/CVE-2020-17008) - ### CVE-2020-17035 (2020-11-11) @@ -22270,7 +23383,6 @@ Windows Kernel Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability -- [ze0r/cve-2020-17057](https://github.com/ze0r/cve-2020-17057) - [lsw29475/CVE-2020-17057](https://github.com/lsw29475/CVE-2020-17057) ### CVE-2020-17087 (2020-11-11) @@ -22279,7 +23391,6 @@ Windows Win32k Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability -- [revengsh/CVE-2020-17087](https://github.com/revengsh/CVE-2020-17087) - [ykg88/OHTS_IE6052-CVE-2020-17087](https://github.com/ykg88/OHTS_IE6052-CVE-2020-17087) - [vp777/Windows-Non-Paged-Pool-Overflow-Exploitation](https://github.com/vp777/Windows-Non-Paged-Pool-Overflow-Exploitation) @@ -22292,14 +23403,13 @@ Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This - [xyddnljydd/CVE-2020-17136](https://github.com/xyddnljydd/CVE-2020-17136) - [cssxn/CVE-2020-17136](https://github.com/cssxn/CVE-2020-17136) -### CVE-2020-17144 (2020-12-09) +### CVE-2020-17373 (2020-08-12) -Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142. +SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. -- [Airboi/CVE-2020-17144-EXP](https://github.com/Airboi/CVE-2020-17144-EXP) -- [zcgonvh/CVE-2020-17144](https://github.com/zcgonvh/CVE-2020-17144) +- [Live-Hack-CVE/CVE-2020-17373](https://github.com/Live-Hack-CVE/CVE-2020-17373) ### CVE-2020-17382 (2020-10-02) @@ -22394,11 +23504,6 @@ While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. -- [ka1n4t/CVE-2020-17530](https://github.com/ka1n4t/CVE-2020-17530) -- [wuzuowei/CVE-2020-17530](https://github.com/wuzuowei/CVE-2020-17530) -- [Al1ex/CVE-2020-17530](https://github.com/Al1ex/CVE-2020-17530) -- [fengziHK/CVE-2020-17530-strust2-061](https://github.com/fengziHK/CVE-2020-17530-strust2-061) -- [ludy-dev/freemarker_RCE_struts2_s2-061](https://github.com/ludy-dev/freemarker_RCE_struts2_s2-061) - [CyborgSecurity/CVE-2020-17530](https://github.com/CyborgSecurity/CVE-2020-17530) - [uzzzval/CVE-2020-17530](https://github.com/uzzzval/CVE-2020-17530) - [killmonday/CVE-2020-17530-s2-061](https://github.com/killmonday/CVE-2020-17530-s2-061) @@ -22409,18 +23514,9 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version. -- [154802388/CVE-2020-17531](https://github.com/154802388/CVE-2020-17531) - [Live-Hack-CVE/CVE-2022-46366](https://github.com/Live-Hack-CVE/CVE-2022-46366) - [Live-Hack-CVE/CVE-2020-17531](https://github.com/Live-Hack-CVE/CVE-2020-17531) -### CVE-2020-17533 (2020-12-29) - - -Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties. - - -- [pazeray/CVE-2020-17533](https://github.com/pazeray/CVE-2020-17533) - ### CVE-2020-18324 (2022-03-04) @@ -22461,6 +23557,14 @@ Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Bu - [Deepak983/CVE-2020-19587](https://github.com/Deepak983/CVE-2020-19587) +### CVE-2020-19716 (2021-07-13) + + +A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). + + +- [Live-Hack-CVE/CVE-2020-19716](https://github.com/Live-Hack-CVE/CVE-2020-19716) + ### CVE-2020-20277 (2020-12-18) @@ -22517,6 +23621,14 @@ libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zs - [Live-Hack-CVE/CVE-2020-21599](https://github.com/Live-Hack-CVE/CVE-2020-21599) +### CVE-2020-21675 (2021-08-10) + + +A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. + + +- [Live-Hack-CVE/CVE-2020-21675](https://github.com/Live-Hack-CVE/CVE-2020-21675) + ### CVE-2020-21676 (2021-08-10) @@ -22789,13 +23901,21 @@ A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 - [meicookies/CVE-2020-24186](https://github.com/meicookies/CVE-2020-24186) - [Sakura-501/CVE-2020-24186-exploit](https://github.com/Sakura-501/CVE-2020-24186-exploit) -### CVE-2020-24227 (2020-11-23) +### CVE-2020-24223 (2020-08-30) -Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. +Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. -- [nathunandwani/CVE-2020-24227](https://github.com/nathunandwani/CVE-2020-24227) +- [Live-Hack-CVE/CVE-2020-24223](https://github.com/Live-Hack-CVE/CVE-2020-24223) + +### CVE-2020-24332 (2020-08-13) + + +An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. + + +- [Live-Hack-CVE/CVE-2020-24332](https://github.com/Live-Hack-CVE/CVE-2020-24332) ### CVE-2020-24368 (2020-08-19) @@ -22805,6 +23925,30 @@ Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversa - [Live-Hack-CVE/CVE-2020-24368](https://github.com/Live-Hack-CVE/CVE-2020-24368) +### CVE-2020-24373 (2020-09-16) + + +A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. + + +- [Live-Hack-CVE/CVE-2020-24373](https://github.com/Live-Hack-CVE/CVE-2020-24373) + +### CVE-2020-24374 (2020-09-16) + + +A DNS rebinding vulnerability in Freebox v5 before 1.5.29. + + +- [Live-Hack-CVE/CVE-2020-24374](https://github.com/Live-Hack-CVE/CVE-2020-24374) + +### CVE-2020-24377 (2020-09-16) + + +A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. + + +- [Live-Hack-CVE/CVE-2020-24377](https://github.com/Live-Hack-CVE/CVE-2020-24377) + ### CVE-2020-24379 (2020-09-09) @@ -22897,6 +24041,14 @@ Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an aut - [r90tpass/CVE-2020-24949](https://github.com/r90tpass/CVE-2020-24949) +### CVE-2020-25015 (2020-09-16) + + +A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. + + +- [Live-Hack-CVE/CVE-2020-25015](https://github.com/Live-Hack-CVE/CVE-2020-25015) + ### CVE-2020-25042 (2020-09-03) @@ -22923,6 +24075,14 @@ An issue was discovered in Observium Professional, Enterprise & Community 20 - [ynsmroztas/CVE-2020-25134](https://github.com/ynsmroztas/CVE-2020-25134) +### CVE-2020-25211 (2020-09-09) + + +In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. + + +- [Live-Hack-CVE/CVE-2020-25211](https://github.com/Live-Hack-CVE/CVE-2020-25211) + ### CVE-2020-25213 (2020-09-09) @@ -22951,14 +24111,6 @@ An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8 - [Live-Hack-CVE/CVE-2020-25247](https://github.com/Live-Hack-CVE/CVE-2020-25247) -### CVE-2020-25265 (2020-12-02) - - -AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. - - -- [refi64/CVE-2020-25265-25266](https://github.com/refi64/CVE-2020-25265-25266) - ### CVE-2020-25478 - [santokum/CVE-2020-25478--ASUS-RT-AC87U-TFTP-is-vulnerable-to-Denial-of-Service-DoS-attack](https://github.com/santokum/CVE-2020-25478--ASUS-RT-AC87U-TFTP-is-vulnerable-to-Denial-of-Service-DoS-attack) @@ -23036,14 +24188,6 @@ A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation al - [pauljrowland/BootHoleFix](https://github.com/pauljrowland/BootHoleFix) -### CVE-2020-25637 (2020-10-06) - - -A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - - -- [brahmiboudjema/CVE-2020-25637-libvirt-double-free](https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free) - ### CVE-2020-25638 (2020-12-02) @@ -23060,6 +24204,14 @@ A flaw was found in the Linux kernel's implementation of biovecs in versions bef - [Live-Hack-CVE/CVE-2020-25641](https://github.com/Live-Hack-CVE/CVE-2020-25641) +### CVE-2020-25662 (2020-11-05) + + +A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. + + +- [Live-Hack-CVE/CVE-2020-25662](https://github.com/Live-Hack-CVE/CVE-2020-25662) + ### CVE-2020-25685 (2021-01-20) @@ -23092,6 +24244,14 @@ A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan - [nanopathi/linux-4.19.72_CVE-2020-25705](https://github.com/nanopathi/linux-4.19.72_CVE-2020-25705) +### CVE-2020-25711 (2020-12-03) + + +A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. + + +- [Live-Hack-CVE/CVE-2020-25711](https://github.com/Live-Hack-CVE/CVE-2020-25711) + ### CVE-2020-25736 (2021-07-15) @@ -23115,6 +24275,7 @@ An issue was discovered on Accfly Wireless Security IR Camera 720P System with s - [7Mitu/CVE-2020-25790](https://github.com/7Mitu/CVE-2020-25790) +- [Live-Hack-CVE/CVE-2020-25790](https://github.com/Live-Hack-CVE/CVE-2020-25790) ### CVE-2020-25860 (2020-12-21) @@ -23132,6 +24293,14 @@ SoPlanning before 1.47 doesn't correctly check the security key used to publicly - [thomasfady/CVE-2020-25867](https://github.com/thomasfady/CVE-2020-25867) +### CVE-2020-26117 (2020-09-26) + + +In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. + + +- [Live-Hack-CVE/CVE-2020-26117](https://github.com/Live-Hack-CVE/CVE-2020-26117) + ### CVE-2020-26184 (2022-06-01) @@ -23154,7 +24323,6 @@ Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-R XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. -- [novysodope/CVE-2020-26217-XStream-RCE-POC](https://github.com/novysodope/CVE-2020-26217-XStream-RCE-POC) - [Al1ex/CVE-2020-26217](https://github.com/Al1ex/CVE-2020-26217) ### CVE-2020-26233 (2020-12-08) @@ -23180,7 +24348,6 @@ XStream is a Java library to serialize objects to XML and back again. In XStream XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. -- [jas502n/CVE-2020-26259](https://github.com/jas502n/CVE-2020-26259) - [Al1ex/CVE-2020-26259](https://github.com/Al1ex/CVE-2020-26259) ### CVE-2020-26291 (2020-12-30) @@ -23207,6 +24374,14 @@ An issue has been discovered in GitLab CE/EE affecting all versions starting fro - [Kento-Sec/GitLab-Graphql-CVE-2020-26413](https://github.com/Kento-Sec/GitLab-Graphql-CVE-2020-26413) +### CVE-2020-26558 (2021-05-24) + + +Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. + + +- [Live-Hack-CVE/CVE-2020-26558](https://github.com/Live-Hack-CVE/CVE-2020-26558) + ### CVE-2020-26732 (2021-01-14) @@ -23231,8 +24406,21 @@ Ruckus through 1.5.1.0.21 is affected by remote command injection. An authentica - [htarsoo/CVE-2020-26878](https://github.com/htarsoo/CVE-2020-26878) -### CVE-2020-27190 -- [qlh831/x-CVE-2020-27190](https://github.com/qlh831/x-CVE-2020-27190) +### CVE-2020-26880 (2020-10-07) + + +Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. + + +- [Live-Hack-CVE/CVE-2020-26880](https://github.com/Live-Hack-CVE/CVE-2020-26880) + +### CVE-2020-26932 (2020-10-10) + + +debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) + + +- [Live-Hack-CVE/CVE-2020-26932](https://github.com/Live-Hack-CVE/CVE-2020-26932) ### CVE-2020-27194 (2020-10-16) @@ -23283,6 +24471,38 @@ An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authe - [Live-Hack-CVE/CVE-2020-27386](https://github.com/Live-Hack-CVE/CVE-2020-27386) +### CVE-2020-27652 (2020-10-29) + + +Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. + + +- [Live-Hack-CVE/CVE-2020-27652](https://github.com/Live-Hack-CVE/CVE-2020-27652) + +### CVE-2020-27653 (2020-10-29) + + +Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. + + +- [Live-Hack-CVE/CVE-2020-27653](https://github.com/Live-Hack-CVE/CVE-2020-27653) + +### CVE-2020-27654 (2020-10-29) + + +Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. + + +- [Live-Hack-CVE/CVE-2020-27654](https://github.com/Live-Hack-CVE/CVE-2020-27654) + +### CVE-2020-27655 (2020-10-29) + + +Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. + + +- [Live-Hack-CVE/CVE-2020-27655](https://github.com/Live-Hack-CVE/CVE-2020-27655) + ### CVE-2020-27688 (2020-11-05) @@ -23291,6 +24511,14 @@ RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords - [matthiasmaes/CVE-2020-27688](https://github.com/matthiasmaes/CVE-2020-27688) +### CVE-2020-27751 (2020-12-08) + + +A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + +- [Live-Hack-CVE/CVE-2020-27751](https://github.com/Live-Hack-CVE/CVE-2020-27751) + ### CVE-2020-27786 (2020-12-10) @@ -23323,30 +24551,6 @@ A memory corruption issue was addressed with improved input validation. This iss - [FunPhishing/Apple-Safari-Remote-Code-Execution-CVE-2020-27930](https://github.com/FunPhishing/Apple-Safari-Remote-Code-Execution-CVE-2020-27930) -### CVE-2020-27935 (2021-04-02) - - -Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. - - -- [LIJI32/SnatchBox](https://github.com/LIJI32/SnatchBox) - -### CVE-2020-27949 (2021-04-02) - - -This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. - - -- [seemoo-lab/dtrace-memaccess_cve-2020-27949](https://github.com/seemoo-lab/dtrace-memaccess_cve-2020-27949) - -### CVE-2020-27950 (2020-12-08) - - -A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory. - - -- [synacktiv/CVE-2020-27950](https://github.com/synacktiv/CVE-2020-27950) - ### CVE-2020-27955 (2020-11-05) @@ -23354,10 +24558,6 @@ Git LFS 2.12.0 allows Remote Code Execution. - [ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955](https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955) -- [yhsung/cve-2020-27955-poc](https://github.com/yhsung/cve-2020-27955-poc) -- [r00t4dm/CVE-2020-27955](https://github.com/r00t4dm/CVE-2020-27955) -- [williamgoulois/git-lfs-RCE-exploit-CVE-2020-27955-revshell](https://github.com/williamgoulois/git-lfs-RCE-exploit-CVE-2020-27955-revshell) -- [shubham0d/CVE-2020-27955](https://github.com/shubham0d/CVE-2020-27955) - [TheTh1nk3r/cve-2020-27955](https://github.com/TheTh1nk3r/cve-2020-27955) - [NeoDarwin/CVE-2020-27955](https://github.com/NeoDarwin/CVE-2020-27955) - [DeeLMind/CVE-2020-27955-LFS](https://github.com/DeeLMind/CVE-2020-27955-LFS) @@ -23394,7 +24594,6 @@ WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Reques An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. -- [madstap/bouncy-castle-generative-test-poc](https://github.com/madstap/bouncy-castle-generative-test-poc) - [kurenaif/CVE-2020-28052_PoC](https://github.com/kurenaif/CVE-2020-28052_PoC) ### CVE-2020-28148 @@ -23448,14 +24647,6 @@ Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allo - [Live-Hack-CVE/CVE-2020-28271](https://github.com/Live-Hack-CVE/CVE-2020-28271) -### CVE-2020-28328 (2020-11-06) - - -SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. - - -- [mcorybillington/SuiteCRM-RCE](https://github.com/mcorybillington/SuiteCRM-RCE) - ### CVE-2020-28367 (2020-11-18) @@ -23812,14 +25003,6 @@ A code execution vulnerability exists in the Nef polygon-parsing functionality o - [Live-Hack-CVE/CVE-2020-28636](https://github.com/Live-Hack-CVE/CVE-2020-28636) -### CVE-2020-28647 (2020-11-17) - - -In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS). - - -- [SECFORCE/Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647](https://github.com/SECFORCE/Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647) - ### CVE-2020-28653 (2021-02-03) @@ -23852,7 +25035,6 @@ ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Se Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. -- [0x240x23elu/CVE-2020-28948-and-CVE-2020-28949](https://github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949) - [nopdata/cve-2020-28948](https://github.com/nopdata/cve-2020-28948) - [JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949](https://github.com/JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949) @@ -23864,17 +25046,6 @@ Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blo - [Live-Hack-CVE/CVE-2020-28975](https://github.com/Live-Hack-CVE/CVE-2020-28975) -### CVE-2020-29007 -- [seqred-s-a/cve-2020-29007](https://github.com/seqred-s-a/cve-2020-29007) - -### CVE-2020-29070 (2020-11-25) - - -osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. - - -- [aslanemre/cve-2020-29070](https://github.com/aslanemre/cve-2020-29070) - ### CVE-2020-29134 (2021-03-05) @@ -23883,14 +25054,6 @@ The TOTVS Fluig platform allows path traversal through the parameter "file - [Ls4ss/CVE-2020-29134](https://github.com/Ls4ss/CVE-2020-29134) -### CVE-2020-29156 (2020-12-27) - - -The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. - - -- [Ko-kn3t/CVE-2020-29156](https://github.com/Ko-kn3t/CVE-2020-29156) - ### CVE-2020-29254 (2020-12-11) @@ -23899,14 +25062,6 @@ TikiWiki 21.2 allows templates to be edited without CSRF protection. This could - [S1lkys/CVE-2020-29254](https://github.com/S1lkys/CVE-2020-29254) -### CVE-2020-29364 (2020-11-30) - - -In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. - - -- [aslanemre/CVE-2020-29364](https://github.com/aslanemre/CVE-2020-29364) - ### CVE-2020-29370 (2020-11-28) @@ -23979,29 +25134,13 @@ A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows - [0xAbbarhSF/CVE-2020-29607](https://github.com/0xAbbarhSF/CVE-2020-29607) -### CVE-2020-29666 (2020-12-10) +### CVE-2020-35136 (2020-12-23) -In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value. +Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. -- [jet-pentest/CVE-2020-29666](https://github.com/jet-pentest/CVE-2020-29666) - -### CVE-2020-29667 (2020-12-10) - - -In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration. - - -- [jet-pentest/CVE-2020-29667](https://github.com/jet-pentest/CVE-2020-29667) - -### CVE-2020-29669 (2020-12-13) - - -In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise. - - -- [code-byter/CVE-2020-29669](https://github.com/code-byter/CVE-2020-29669) +- [Live-Hack-CVE/CVE-2020-35136](https://github.com/Live-Hack-CVE/CVE-2020-35136) ### CVE-2020-35163 (2022-07-11) @@ -24036,6 +25175,14 @@ A remote code execution vulnerability in the installUpdateThemePluginAction func - [ybdegit2020/wonderplugin](https://github.com/ybdegit2020/wonderplugin) - [AkashLingayat/WonderCMS-CVE-2020-35314](https://github.com/AkashLingayat/WonderCMS-CVE-2020-35314) +### CVE-2020-35473 (2022-11-08) + + +An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel. + + +- [Live-Hack-CVE/CVE-2020-35473](https://github.com/Live-Hack-CVE/CVE-2020-35473) + ### CVE-2020-35476 (2020-12-16) @@ -24119,21 +25266,12 @@ A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP - [Live-Hack-CVE/CVE-2020-35576](https://github.com/Live-Hack-CVE/CVE-2020-35576) -### CVE-2020-35590 (2020-12-21) - - -LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries. - - -- [N4nj0/CVE-2020-35590](https://github.com/N4nj0/CVE-2020-35590) - ### CVE-2020-35606 (2020-12-21) Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. -- [anasbousselham/webminscan](https://github.com/anasbousselham/webminscan) - [puckiestyle/CVE-2020-35606](https://github.com/puckiestyle/CVE-2020-35606) ### CVE-2020-35628 (2021-03-04) @@ -24434,6 +25572,14 @@ libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (ca - [Live-Hack-CVE/CVE-2020-36430](https://github.com/Live-Hack-CVE/CVE-2020-36430) +### CVE-2020-36457 (2021-08-08) + + +An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T. + + +- [Live-Hack-CVE/CVE-2020-36457](https://github.com/Live-Hack-CVE/CVE-2020-36457) + ### CVE-2020-36475 (2021-08-22) @@ -24700,7 +25846,6 @@ When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in - [pyn3rd/CVE-2019-0232](https://github.com/pyn3rd/CVE-2019-0232) - [jas502n/CVE-2019-0232](https://github.com/jas502n/CVE-2019-0232) - [cyy95/CVE-2019-0232-EXP](https://github.com/cyy95/CVE-2019-0232-EXP) -- [setrus/CVE-2019-0232](https://github.com/setrus/CVE-2019-0232) - [Nicoslo/Windows-exploitation-Apache-Tomcat-8.5.19-CVE-2019-0232-](https://github.com/Nicoslo/Windows-exploitation-Apache-Tomcat-8.5.19-CVE-2019-0232-) - [Nicoslo/Windows-Exploitation-Web-Server-Tomcat-8.5.39-CVE-2019-0232](https://github.com/Nicoslo/Windows-Exploitation-Web-Server-Tomcat-8.5.39-CVE-2019-0232) - [jaiguptanick/CVE-2019-0232](https://github.com/jaiguptanick/CVE-2019-0232) @@ -24808,11 +25953,8 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - [wdfcc/CVE-2019-0708](https://github.com/wdfcc/CVE-2019-0708) - [cvencoder/cve-2019-0708](https://github.com/cvencoder/cve-2019-0708) - [andripwn/CVE-2019-0708](https://github.com/andripwn/CVE-2019-0708) -- [0xeb-bp/bluekeep](https://github.com/0xeb-bp/bluekeep) -- [fade-vivida/CVE-2019-0708-test](https://github.com/fade-vivida/CVE-2019-0708-test) - [Cyb0r9/ispy](https://github.com/Cyb0r9/ispy) - [lwtz/CVE-2019-0708](https://github.com/lwtz/CVE-2019-0708) -- [ulisesrc/-2-CVE-2019-0708](https://github.com/ulisesrc/-2-CVE-2019-0708) - [worawit/CVE-2019-0708](https://github.com/worawit/CVE-2019-0708) - [cbwang505/CVE-2019-0708-EXP-Windows](https://github.com/cbwang505/CVE-2019-0708-EXP-Windows) - [eastmountyxz/CVE-2019-0708-Windows](https://github.com/eastmountyxz/CVE-2019-0708-Windows) @@ -24886,6 +26028,14 @@ An elevation of privilege vulnerability exists when Windows AppX Deployment Serv - [0x00-0x00/CVE-2019-0841-BYPASS](https://github.com/0x00-0x00/CVE-2019-0841-BYPASS) - [mappl3/CVE-2019-0841](https://github.com/mappl3/CVE-2019-0841) +### CVE-2019-0845 (2019-04-09) + + +A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. + + +- [Live-Hack-CVE/CVE-2019-0845](https://github.com/Live-Hack-CVE/CVE-2019-0845) + ### CVE-2019-0859 (2019-04-09) @@ -24919,6 +26069,9 @@ An elevation of privilege vulnerability exists when the Windows User Profile Ser - [padovah4ck/CVE-2019-0986](https://github.com/padovah4ck/CVE-2019-0986) +### CVE-2019-152 +- [Live-Hack-CVE/CVE-2021-46837](https://github.com/Live-Hack-CVE/CVE-2021-46837) + ### CVE-2019-905 - [xtafnull/CMS-made-simple-sqli-python3](https://github.com/xtafnull/CMS-made-simple-sqli-python3) @@ -25047,36 +26200,10 @@ An elevation of privilege vulnerability exists when the Windows AppX Deployment An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. -- [jas502n/CVE-2019-1388](https://github.com/jas502n/CVE-2019-1388) -- [jaychouzzk/CVE-2019-1388](https://github.com/jaychouzzk/CVE-2019-1388) - [sv3nbeast/CVE-2019-1388](https://github.com/sv3nbeast/CVE-2019-1388) - [nobodyatall648/CVE-2019-1388](https://github.com/nobodyatall648/CVE-2019-1388) - [suprise4u/CVE-2019-1388](https://github.com/suprise4u/CVE-2019-1388) -### CVE-2019-1402 (2019-11-12) - - -An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. - - -- [lauxjpn/CorruptQueryAccessWorkaround](https://github.com/lauxjpn/CorruptQueryAccessWorkaround) - -### CVE-2019-1405 (2019-11-12) - - -An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. - - -- [apt69/COMahawk](https://github.com/apt69/COMahawk) - -### CVE-2019-1422 (2019-11-12) - - -An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. - - -- [ze0r/cve-2019-1422](https://github.com/ze0r/cve-2019-1422) - ### CVE-2019-1458 (2019-12-10) @@ -25088,14 +26215,6 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon - [DreamoneOnly/CVE-2019-1458-malware](https://github.com/DreamoneOnly/CVE-2019-1458-malware) - [Eternit7/CVE-2019-1458](https://github.com/Eternit7/CVE-2019-1458) -### CVE-2019-1476 (2019-12-10) - - -An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. - - -- [sgabe/CVE-2019-1476](https://github.com/sgabe/CVE-2019-1476) - ### CVE-2019-1477 (2019-12-10) @@ -25253,7 +26372,6 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - [jas502n/cve-2019-2618](https://github.com/jas502n/cve-2019-2618) - [wsfengfan/CVE-2019-2618-](https://github.com/wsfengfan/CVE-2019-2618-) - [dr0op/WeblogicScan](https://github.com/dr0op/WeblogicScan) -- [ianxtianxt/cve-2019-2618](https://github.com/ianxtianxt/cve-2019-2618) - [0xn0ne/weblogicScanner](https://github.com/0xn0ne/weblogicScanner) ### CVE-2019-2725 (2019-04-26) @@ -25275,7 +26393,6 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - [jiansiting/CVE-2019-2725](https://github.com/jiansiting/CVE-2019-2725) - [kerlingcode/CVE-2019-2725](https://github.com/kerlingcode/CVE-2019-2725) - [black-mirror/Weblogic](https://github.com/black-mirror/Weblogic) -- [N0b1e6/CVE-2019-2725-POC](https://github.com/N0b1e6/CVE-2019-2725-POC) - [GGyao/weblogic_2019_2725_wls_batch](https://github.com/GGyao/weblogic_2019_2725_wls_batch) - [ludy-dev/Oracle-WLS-Weblogic-RCE](https://github.com/ludy-dev/Oracle-WLS-Weblogic-RCE) - [1stPeak/CVE-2019-2725-environment](https://github.com/1stPeak/CVE-2019-2725-environment) @@ -25290,6 +26407,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - [ruthlezs/CVE-2019-2729-Exploit](https://github.com/ruthlezs/CVE-2019-2729-Exploit) - [pizza-power/weblogic-CVE-2019-2729-POC](https://github.com/pizza-power/weblogic-CVE-2019-2729-POC) - [Luchoane/CVE-2019-2729_creal](https://github.com/Luchoane/CVE-2019-2729_creal) +- [Live-Hack-CVE/CVE-2019-2729](https://github.com/Live-Hack-CVE/CVE-2019-2729) ### CVE-2019-2890 (2019-10-16) @@ -25297,8 +26415,6 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). -- [SukaraLin/CVE-2019-2890](https://github.com/SukaraLin/CVE-2019-2890) -- [jas502n/CVE-2019-2890](https://github.com/jas502n/CVE-2019-2890) - [ianxtianxt/CVE-2019-2890](https://github.com/ianxtianxt/CVE-2019-2890) - [zhzhdoai/Weblogic_Vuln](https://github.com/zhzhdoai/Weblogic_Vuln) @@ -25334,7 +26450,6 @@ The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 - [quanpt103/CVE-2019-3396](https://github.com/quanpt103/CVE-2019-3396) - [vntest11/confluence_CVE-2019-3396](https://github.com/vntest11/confluence_CVE-2019-3396) - [JonathanZhou348/CVE-2019-3396TEST](https://github.com/JonathanZhou348/CVE-2019-3396TEST) -- [am6539/CVE-2019-3396](https://github.com/am6539/CVE-2019-3396) - [W2Ning/CVE-2019-3396](https://github.com/W2Ning/CVE-2019-3396) - [yuehanked/cve-2019-3396](https://github.com/yuehanked/cve-2019-3396) - [abdallah-elsharif/cve-2019-3396](https://github.com/abdallah-elsharif/cve-2019-3396) @@ -25447,6 +26562,30 @@ Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defen - [funoverip/mcafee_atd_CVE-2019-3663](https://github.com/funoverip/mcafee_atd_CVE-2019-3663) +### CVE-2019-3692 (2020-01-24) + + +The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. + + +- [Live-Hack-CVE/CVE-2019-3692](https://github.com/Live-Hack-CVE/CVE-2019-3692) + +### CVE-2019-3693 (2020-01-24) + + +A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. + + +- [Live-Hack-CVE/CVE-2019-3693](https://github.com/Live-Hack-CVE/CVE-2019-3693) + +### CVE-2019-3694 (2020-01-24) + + +A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. + + +- [Live-Hack-CVE/CVE-2019-3694](https://github.com/Live-Hack-CVE/CVE-2019-3694) + ### CVE-2019-3719 (2019-04-18) @@ -25496,6 +26635,22 @@ A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OA - [Live-Hack-CVE/CVE-2019-3876](https://github.com/Live-Hack-CVE/CVE-2019-3876) +### CVE-2019-3881 (2020-09-04) + + +Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. + + +- [Live-Hack-CVE/CVE-2019-3881](https://github.com/Live-Hack-CVE/CVE-2019-3881) + +### CVE-2019-3886 (2019-04-04) + + +An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. + + +- [Live-Hack-CVE/CVE-2019-3886](https://github.com/Live-Hack-CVE/CVE-2019-3886) + ### CVE-2019-3893 (2019-04-09) @@ -25576,14 +26731,6 @@ Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any - [Live-Hack-CVE/CVE-2019-3928](https://github.com/Live-Hack-CVE/CVE-2019-3928) -### CVE-2019-3929 (2019-04-30) - - -The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. - - -- [xfox64x/CVE-2019-3929](https://github.com/xfox64x/CVE-2019-3929) - ### CVE-2019-3932 (2019-04-30) @@ -26742,7 +27889,6 @@ There is a File Content Disclosure vulnerability in Action View <5.2.2.1, < - [mpgn/Rails-doubletap-RCE](https://github.com/mpgn/Rails-doubletap-RCE) - [takeokunn/CVE-2019-5418](https://github.com/takeokunn/CVE-2019-5418) - [Bad3r/RailroadBandit](https://github.com/Bad3r/RailroadBandit) -- [random-robbie/CVE-2019-5418](https://github.com/random-robbie/CVE-2019-5418) - [kailing0220/CVE-2019-5418](https://github.com/kailing0220/CVE-2019-5418) ### CVE-2019-5420 (2019-03-27) @@ -26853,14 +27999,6 @@ A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose In - [rbeede/CVE-2019-5630](https://github.com/rbeede/CVE-2019-5630) -### CVE-2019-5700 (2019-10-09) - - -NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. - - -- [oscardagrach/CVE-2019-5700](https://github.com/oscardagrach/CVE-2019-5700) - ### CVE-2019-5736 (2019-02-11) @@ -26881,7 +28019,6 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow - [milloni/cve-2019-5736-exp](https://github.com/milloni/cve-2019-5736-exp) - [panzouh/Docker-Runc-Exploit](https://github.com/panzouh/Docker-Runc-Exploit) - [RyanNgWH/CVE-2019-5736-POC](https://github.com/RyanNgWH/CVE-2019-5736-POC) -- [chosam2/cve-2019-5736-poc](https://github.com/chosam2/cve-2019-5736-poc) - [epsteina16/Docker-Escape-Miner](https://github.com/epsteina16/Docker-Escape-Miner) - [geropl/CVE-2019-5736](https://github.com/geropl/CVE-2019-5736) - [GiverOfGifts/CVE-2019-5736-Custom-Runtime](https://github.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime) @@ -26926,14 +28063,6 @@ Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 al - [Silence-Rain/14-828_Exploitation_of_CVE-2019-5822](https://github.com/Silence-Rain/14-828_Exploitation_of_CVE-2019-5822) -### CVE-2019-5825 (2019-11-25) - - -Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. - - -- [timwr/CVE-2019-5825](https://github.com/timwr/CVE-2019-5825) - ### CVE-2019-5893 (2019-01-10) @@ -27368,6 +28497,14 @@ Canonical snapd before version 2.37.1 incorrectly performed socket owner validat - [f4T1H21/dirty_sock](https://github.com/f4T1H21/dirty_sock) - [Live-Hack-CVE/CVE-2019-7304](https://github.com/Live-Hack-CVE/CVE-2019-7304) +### CVE-2019-7348 (2019-02-04) + + +Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. + + +- [Live-Hack-CVE/CVE-2022-30768](https://github.com/Live-Hack-CVE/CVE-2022-30768) + ### CVE-2019-7356 (2020-11-04) @@ -27413,7 +28550,6 @@ Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw - [mpgn/CVE-2019-7609](https://github.com/mpgn/CVE-2019-7609) - [LandGrey/CVE-2019-7609](https://github.com/LandGrey/CVE-2019-7609) -- [hekadan/CVE-2019-7609](https://github.com/hekadan/CVE-2019-7609) - [rhbb/CVE-2019-7609](https://github.com/rhbb/CVE-2019-7609) - [dnr6419/CVE-2019-7609](https://github.com/dnr6419/CVE-2019-7609) - [wolf1892/CVE-2019-7609](https://github.com/wolf1892/CVE-2019-7609) @@ -28063,7 +29199,6 @@ In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in - [jas502n/CVE-2019-11043](https://github.com/jas502n/CVE-2019-11043) - [AleWong/PHP-FPM-Remote-Code-Execution-Vulnerability-CVE-2019-11043-](https://github.com/AleWong/PHP-FPM-Remote-Code-Execution-Vulnerability-CVE-2019-11043-) -- [moniik/CVE-2019-11043_env](https://github.com/moniik/CVE-2019-11043_env) - [kriskhub/CVE-2019-11043](https://github.com/kriskhub/CVE-2019-11043) - [alokaranasinghe/cve-2019-11043](https://github.com/alokaranasinghe/cve-2019-11043) - [corifeo/CVE-2019-11043](https://github.com/corifeo/CVE-2019-11043) @@ -28128,6 +29263,38 @@ Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthen - [livehybrid/poc-cribl-rce](https://github.com/livehybrid/poc-cribl-rce) +### CVE-2019-11089 (2019-11-14) + + +Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2019-11089](https://github.com/Live-Hack-CVE/CVE-2019-11089) + +### CVE-2019-11111 (2019-11-14) + + +Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. + + +- [Live-Hack-CVE/CVE-2019-11111](https://github.com/Live-Hack-CVE/CVE-2019-11111) + +### CVE-2019-11113 (2019-11-14) + + +Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. + + +- [Live-Hack-CVE/CVE-2019-11113](https://github.com/Live-Hack-CVE/CVE-2019-11113) + +### CVE-2019-11139 (2019-11-14) + + +Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2019-11139](https://github.com/Live-Hack-CVE/CVE-2019-11139) + ### CVE-2019-11157 (2019-12-16) @@ -28214,6 +29381,14 @@ In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before - [0xDezzy/CVE-2019-11539](https://github.com/0xDezzy/CVE-2019-11539) +### CVE-2019-11556 (2020-09-25) + + +Pagure before 5.6 allows XSS via the templates/blame.html blame view. + + +- [Live-Hack-CVE/CVE-2019-11556](https://github.com/Live-Hack-CVE/CVE-2019-11556) + ### CVE-2019-11580 (2019-06-03) @@ -28271,6 +29446,14 @@ An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer derefer - [Live-Hack-CVE/CVE-2019-11810](https://github.com/Live-Hack-CVE/CVE-2019-11810) +### CVE-2019-11823 (2020-05-04) + + +CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. + + +- [Live-Hack-CVE/CVE-2019-11823](https://github.com/Live-Hack-CVE/CVE-2019-11823) + ### CVE-2019-11851 (2022-12-26) @@ -28287,15 +29470,6 @@ A vulnerability exists in Rancher 2.1.4 in the login component, where the errorM - [MauroEldritch/VanCleef](https://github.com/MauroEldritch/VanCleef) -### CVE-2019-11931 (2019-11-14) - - -A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. - - -- [kasif-dekel/whatsapp-rce-patched](https://github.com/kasif-dekel/whatsapp-rce-patched) -- [nop-team/CVE-2019-11931](https://github.com/nop-team/CVE-2019-11931) - ### CVE-2019-11932 (2019-10-03) @@ -28303,7 +29477,6 @@ A double free vulnerability in the DDGifSlurp function in decoding.c in the andr - [dorkerdevil/CVE-2019-11932](https://github.com/dorkerdevil/CVE-2019-11932) -- [awakened1712/CVE-2019-11932](https://github.com/awakened1712/CVE-2019-11932) - [fastmo/CVE-2019-11932](https://github.com/fastmo/CVE-2019-11932) - [SmoZy92/CVE-2019-11932](https://github.com/SmoZy92/CVE-2019-11932) - [dashtic172/https-github.com-awakened171](https://github.com/dashtic172/https-github.com-awakened171) @@ -28381,22 +29554,6 @@ An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS - [falconz/CVE-2019-12189](https://github.com/falconz/CVE-2019-12189) -### CVE-2019-12255 (2019-08-09) - - -Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. - - -- [sud0woodo/Urgent11-Suricata-LUA-scripts](https://github.com/sud0woodo/Urgent11-Suricata-LUA-scripts) - -### CVE-2019-12272 (2019-05-23) - - -In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. - - -- [roguedream/lede-17.01.3](https://github.com/roguedream/lede-17.01.3) - ### CVE-2019-12384 (2019-06-24) @@ -28405,14 +29562,6 @@ FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a va - [MagicZer0/Jackson_RCE-CVE-2019-12384](https://github.com/MagicZer0/Jackson_RCE-CVE-2019-12384) -### CVE-2019-12409 (2019-11-18) - - -The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. - - -- [jas502n/CVE-2019-12409](https://github.com/jas502n/CVE-2019-12409) - ### CVE-2019-12460 (2019-05-30) @@ -28560,14 +29709,6 @@ An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp i - [ahaShiyu/CVE-2019-12874](https://github.com/ahaShiyu/CVE-2019-12874) -### CVE-2019-12890 (2019-06-19) - - -RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. - - -- [EthicalHCOP/CVE-2019-12890_RedxploitHQ](https://github.com/EthicalHCOP/CVE-2019-12890_RedxploitHQ) - ### CVE-2019-12949 (2019-06-25) @@ -28730,7 +29871,6 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - [shallvhack/Sudo-Security-Bypass-CVE-2019-14287](https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287) - [Sindayifu/CVE-2019-14287-CVE-2014-6271](https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271) - [CMNatic/Dockerized-CVE-2019-14287](https://github.com/CMNatic/Dockerized-CVE-2019-14287) -- [axax002/sudo-vulnerability-CVE-2019-14287](https://github.com/axax002/sudo-vulnerability-CVE-2019-14287) - [SachinthaDeSilva-cmd/Exploit-CVE-2019-14287](https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287) - [HussyCool/CVE-2019-14287-IT18030372-](https://github.com/HussyCool/CVE-2019-14287-IT18030372-) - [ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287](https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287) @@ -28802,6 +29942,30 @@ An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via - [sec-it/exploit-CVE-2019-14530](https://github.com/sec-it/exploit-CVE-2019-14530) +### CVE-2019-14574 (2019-11-14) + + +Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2019-14574](https://github.com/Live-Hack-CVE/CVE-2019-14574) + +### CVE-2019-14590 (2019-11-14) + + +Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. + + +- [Live-Hack-CVE/CVE-2019-14590](https://github.com/Live-Hack-CVE/CVE-2019-14590) + +### CVE-2019-14591 (2019-11-14) + + +Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. + + +- [Live-Hack-CVE/CVE-2019-14591](https://github.com/Live-Hack-CVE/CVE-2019-14591) + ### CVE-2019-14615 (2020-01-17) @@ -28850,6 +30014,14 @@ A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Be - [shanika04/hibernate-orm](https://github.com/shanika04/hibernate-orm) +### CVE-2019-14907 (2020-01-21) + + +All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). + + +- [Live-Hack-CVE/CVE-2019-14907](https://github.com/Live-Hack-CVE/CVE-2019-14907) + ### CVE-2019-15043 (2019-09-03) @@ -28858,6 +30030,14 @@ In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthentic - [h0ffayyy/CVE-2019-15043](https://github.com/h0ffayyy/CVE-2019-15043) +### CVE-2019-15062 (2019-08-14) + + +An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) + + +- [Live-Hack-CVE/CVE-2019-15062](https://github.com/Live-Hack-CVE/CVE-2019-15062) + ### CVE-2019-15107 (2019-08-15) @@ -28884,14 +30064,6 @@ An issue was discovered in Webmin <=1.920. The parameter old in password_chan - [lolminerxmrig/CVE-2019-15107](https://github.com/lolminerxmrig/CVE-2019-15107) - [TheAlpha19/MiniExploit](https://github.com/TheAlpha19/MiniExploit) -### CVE-2019-15120 (2019-08-16) - - -The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. - - -- [h3llraiser/CVE-2019-15120](https://github.com/h3llraiser/CVE-2019-15120) - ### CVE-2019-15126 (2020-02-05) @@ -28930,13 +30102,13 @@ The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.o ### CVE-2019-15231 - [SlizBinksman/THM-Source-CVE-2019-15231](https://github.com/SlizBinksman/THM-Source-CVE-2019-15231) -### CVE-2019-15511 (2019-11-21) +### CVE-2019-15505 (2019-08-23) -An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected. +drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). -- [adenkiewicz/CVE-2019-15511](https://github.com/adenkiewicz/CVE-2019-15511) +- [Live-Hack-CVE/CVE-2019-15505](https://github.com/Live-Hack-CVE/CVE-2019-15505) ### CVE-2019-15514 (2019-08-23) @@ -28954,6 +30126,14 @@ There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypa - [lyy289065406/CVE-2019-15588](https://github.com/lyy289065406/CVE-2019-15588) +### CVE-2019-15604 (2020-02-07) + + +Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate + + +- [Live-Hack-CVE/CVE-2019-15604](https://github.com/Live-Hack-CVE/CVE-2019-15604) + ### CVE-2019-15605 (2020-02-07) @@ -28961,6 +30141,7 @@ HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delive - [jlcarruda/node-poc-http-smuggling](https://github.com/jlcarruda/node-poc-http-smuggling) +- [Live-Hack-CVE/CVE-2019-15605](https://github.com/Live-Hack-CVE/CVE-2019-15605) ### CVE-2019-15642 (2019-08-26) @@ -28970,6 +30151,14 @@ rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a - [trhacknon/CVE-2019-15642](https://github.com/trhacknon/CVE-2019-15642) +### CVE-2019-15691 (2019-12-26) + + +TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. + + +- [Live-Hack-CVE/CVE-2019-15691](https://github.com/Live-Hack-CVE/CVE-2019-15691) + ### CVE-2019-15692 (2019-12-26) @@ -28994,22 +30183,6 @@ admin/includes/class.import.snippet.php in the "Woody ad snippets" plu - [orangmuda/CVE-2019-15858](https://github.com/orangmuda/CVE-2019-15858) -### CVE-2019-15972 (2019-11-25) - - -A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database. - - -- [FSecureLABS/Cisco-UCM-SQLi-Scripts](https://github.com/FSecureLABS/Cisco-UCM-SQLi-Scripts) - -### CVE-2019-16097 (2019-09-08) - - -core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. - - -- [luckybool1020/CVE-2019-16097](https://github.com/luckybool1020/CVE-2019-16097) - ### CVE-2019-16113 (2019-09-08) @@ -29034,6 +30207,14 @@ sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_ - [Live-Hack-CVE/CVE-2019-16167](https://github.com/Live-Hack-CVE/CVE-2019-16167) +### CVE-2019-16197 (2019-09-16) + + +In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. + + +- [Live-Hack-CVE/CVE-2019-16197](https://github.com/Live-Hack-CVE/CVE-2019-16197) + ### CVE-2019-16278 (2019-10-14) @@ -29041,8 +30222,6 @@ Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 - [ianxtianxt/CVE-2019-16278](https://github.com/ianxtianxt/CVE-2019-16278) -- [AnubisSec/CVE-2019-16278](https://github.com/AnubisSec/CVE-2019-16278) -- [theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE](https://github.com/theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE) - [Kr0ff/cve-2019-16278](https://github.com/Kr0ff/cve-2019-16278) - [NHPT/CVE-2019-16278](https://github.com/NHPT/CVE-2019-16278) - [keshiba/cve-2019-16278](https://github.com/keshiba/cve-2019-16278) @@ -29089,6 +30268,38 @@ An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) - [czz/ScreenConnect-UserEnum](https://github.com/czz/ScreenConnect-UserEnum) +### CVE-2019-16685 (2019-09-27) + + +Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. + + +- [Live-Hack-CVE/CVE-2019-16685](https://github.com/Live-Hack-CVE/CVE-2019-16685) + +### CVE-2019-16686 (2019-09-27) + + +Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. + + +- [Live-Hack-CVE/CVE-2019-16686](https://github.com/Live-Hack-CVE/CVE-2019-16686) + +### CVE-2019-16687 (2019-09-27) + + +Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. + + +- [Live-Hack-CVE/CVE-2019-16687](https://github.com/Live-Hack-CVE/CVE-2019-16687) + +### CVE-2019-16688 (2019-09-27) + + +Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) + + +- [Live-Hack-CVE/CVE-2019-16688](https://github.com/Live-Hack-CVE/CVE-2019-16688) + ### CVE-2019-16759 (2019-09-24) @@ -29162,6 +30373,7 @@ Incorrect alias information in IonMonkey JIT compiler for setting array elements - [maxpl0it/CVE-2019-17026-Exploit](https://github.com/maxpl0it/CVE-2019-17026-Exploit) - [lsw29475/CVE-2019-17026](https://github.com/lsw29475/CVE-2019-17026) +- [Live-Hack-CVE/CVE-2019-17026](https://github.com/Live-Hack-CVE/CVE-2019-17026) ### CVE-2019-17041 (2019-10-07) @@ -29203,6 +30415,14 @@ PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrate - [h4ckologic/CVE-2019-17221](https://github.com/h4ckologic/CVE-2019-17221) +### CVE-2019-17223 (2019-10-15) + + +There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. + + +- [Live-Hack-CVE/CVE-2019-17223](https://github.com/Live-Hack-CVE/CVE-2019-17223) + ### CVE-2019-17234 (2019-11-12) @@ -29242,14 +30462,6 @@ SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Up - [Live-Hack-CVE/CVE-2019-17317](https://github.com/Live-Hack-CVE/CVE-2019-17317) -### CVE-2019-17424 (2019-10-22) - - -A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file. - - -- [guywhataguy/CVE-2019-17424](https://github.com/guywhataguy/CVE-2019-17424) - ### CVE-2019-17427 (2019-10-09) @@ -29342,6 +30554,30 @@ Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserializat - [HynekPetrak/log4shell-finder](https://github.com/HynekPetrak/log4shell-finder) - [Live-Hack-CVE/CVE-2019-17571](https://github.com/Live-Hack-CVE/CVE-2019-17571) +### CVE-2019-17576 (2019-10-16) + + +An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. + + +- [Live-Hack-CVE/CVE-2019-17576](https://github.com/Live-Hack-CVE/CVE-2019-17576) + +### CVE-2019-17577 (2019-10-16) + + +An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. + + +- [Live-Hack-CVE/CVE-2019-17577](https://github.com/Live-Hack-CVE/CVE-2019-17577) + +### CVE-2019-17578 (2019-10-16) + + +An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. + + +- [Live-Hack-CVE/CVE-2019-17578](https://github.com/Live-Hack-CVE/CVE-2019-17578) + ### CVE-2019-17621 (2019-12-30) @@ -29411,6 +30647,14 @@ In certain Citrix products, information disclosure can be achieved by an authent - [Live-Hack-CVE/CVE-2019-18177](https://github.com/Live-Hack-CVE/CVE-2019-18177) +### CVE-2019-18218 (2019-10-21) + + +cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). + + +- [Live-Hack-CVE/CVE-2019-18218](https://github.com/Live-Hack-CVE/CVE-2019-18218) + ### CVE-2019-18222 (2020-01-23) @@ -29567,6 +30811,22 @@ A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt - [Live-Hack-CVE/CVE-2019-18897](https://github.com/Live-Hack-CVE/CVE-2019-18897) +### CVE-2019-18898 (2020-01-23) + + +UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. + + +- [Live-Hack-CVE/CVE-2019-18898](https://github.com/Live-Hack-CVE/CVE-2019-18898) + +### CVE-2019-18901 (2020-03-02) + + +A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. + + +- [Live-Hack-CVE/CVE-2019-18901](https://github.com/Live-Hack-CVE/CVE-2019-18901) + ### CVE-2019-18906 (2021-06-30) @@ -29609,15 +30869,6 @@ TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access cont - [reversebrain/CVE-2019-18988](https://github.com/reversebrain/CVE-2019-18988) - [mr-r3b00t/CVE-2019-18988](https://github.com/mr-r3b00t/CVE-2019-18988) -### CVE-2019-19012 (2019-11-16) - - -An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. - - -- [ManhNDd/CVE-2019-19012](https://github.com/ManhNDd/CVE-2019-19012) -- [tarantula-team/CVE-2019-19012](https://github.com/tarantula-team/CVE-2019-19012) - ### CVE-2019-19030 (2022-12-26) @@ -29626,21 +30877,12 @@ Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allo - [Live-Hack-CVE/CVE-2019-19030](https://github.com/Live-Hack-CVE/CVE-2019-19030) -### CVE-2019-19033 (2019-11-21) - - -Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. - - -- [ricardojoserf/CVE-2019-19033](https://github.com/ricardojoserf/CVE-2019-19033) - ### CVE-2019-19203 (2019-11-21) An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. -- [ManhNDd/CVE-2019-19203](https://github.com/ManhNDd/CVE-2019-19203) - [tarantula-team/CVE-2019-19203](https://github.com/tarantula-team/CVE-2019-19203) ### CVE-2019-19204 (2019-11-21) @@ -29649,9 +30891,16 @@ An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb180 An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. -- [ManhNDd/CVE-2019-19204](https://github.com/ManhNDd/CVE-2019-19204) - [tarantula-team/CVE-2019-19204](https://github.com/tarantula-team/CVE-2019-19204) +### CVE-2019-19206 (2019-11-26) + + +Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. + + +- [Live-Hack-CVE/CVE-2019-19206](https://github.com/Live-Hack-CVE/CVE-2019-19206) + ### CVE-2019-19221 (2019-11-21) @@ -29668,9 +30917,6 @@ An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, - [hessandrew/CVE-2019-19231](https://github.com/hessandrew/CVE-2019-19231) -### CVE-2019-19268 -- [TheCyberGeek/CVE-2019-19268](https://github.com/TheCyberGeek/CVE-2019-19268) - ### CVE-2019-19300 (2020-04-14) @@ -29768,20 +31014,6 @@ The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Executi ### CVE-2019-19633 - [jra89/CVE-2019-19633](https://github.com/jra89/CVE-2019-19633) -### CVE-2019-19634 (2019-12-17) - - -class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. - - -- [jra89/CVE-2019-19634](https://github.com/jra89/CVE-2019-19634) - -### CVE-2019-19651 -- [jra89/CVE-2019-19651](https://github.com/jra89/CVE-2019-19651) - -### CVE-2019-19652 -- [jra89/CVE-2019-19652](https://github.com/jra89/CVE-2019-19652) - ### CVE-2019-19653 - [jra89/CVE-2019-19653](https://github.com/jra89/CVE-2019-19653) @@ -29972,6 +31204,14 @@ uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer si - [delicateByte/CVE-2019-19945_Test](https://github.com/delicateByte/CVE-2019-19945_Test) +### CVE-2019-19947 (2019-12-23) + + +In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. + + +- [Live-Hack-CVE/CVE-2019-19947](https://github.com/Live-Hack-CVE/CVE-2019-19947) + ### CVE-2019-19966 (2019-12-24) @@ -30061,6 +31301,46 @@ NGINX before 1.17.7, with certain error_page configurations, allows HTTP request - [vuongnv3389-sec/CVE-2019-20372](https://github.com/vuongnv3389-sec/CVE-2019-20372) +### CVE-2019-20434 (2020-01-27) + + +An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. + + +- [Live-Hack-CVE/CVE-2019-20434](https://github.com/Live-Hack-CVE/CVE-2019-20434) + +### CVE-2019-20435 (2020-01-27) + + +An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. + + +- [Live-Hack-CVE/CVE-2019-20435](https://github.com/Live-Hack-CVE/CVE-2019-20435) + +### CVE-2019-20436 (2020-01-27) + + +An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects. + + +- [Live-Hack-CVE/CVE-2019-20436](https://github.com/Live-Hack-CVE/CVE-2019-20436) + +### CVE-2019-20437 (2020-01-27) + + +An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations. + + +- [Live-Hack-CVE/CVE-2019-20437](https://github.com/Live-Hack-CVE/CVE-2019-20437) + +### CVE-2019-20439 (2020-01-27) + + +An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. + + +- [Live-Hack-CVE/CVE-2019-20439](https://github.com/Live-Hack-CVE/CVE-2019-20439) + ### CVE-2019-20446 (2020-02-02) @@ -30069,6 +31349,14 @@ In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested pattern - [Live-Hack-CVE/CVE-2019-20446](https://github.com/Live-Hack-CVE/CVE-2019-20446) +### CVE-2019-20790 (2020-04-27) + + +OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. + + +- [Live-Hack-CVE/CVE-2019-20790](https://github.com/Live-Hack-CVE/CVE-2019-20790) + ### CVE-2019-20798 (2020-05-17) @@ -30181,6 +31469,14 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier - [1NTheKut/CVE-2019-1003000_RCE-DETECTION](https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION) - [purple-WL/Jenkins_CVE-2019-1003000](https://github.com/purple-WL/Jenkins_CVE-2019-1003000) +### CVE-2019-1010016 (2019-07-14) + + +Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. + + +- [Live-Hack-CVE/CVE-2019-1010016](https://github.com/Live-Hack-CVE/CVE-2019-1010016) + ### CVE-2019-1010054 (2019-07-18) @@ -30188,6 +31484,7 @@ Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: - [chaizeg/CSRF-breach](https://github.com/chaizeg/CSRF-breach) +- [Live-Hack-CVE/CVE-2019-1010054](https://github.com/Live-Hack-CVE/CVE-2019-1010054) ### CVE-2019-1010065 (2019-07-18) @@ -30719,6 +32016,14 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar ### CVE-2018-3260 - [ionescu007/SpecuCheck](https://github.com/ionescu007/SpecuCheck) +### CVE-2018-3282 (2018-10-16) + + +Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + +- [Live-Hack-CVE/CVE-2018-3282](https://github.com/Live-Hack-CVE/CVE-2018-3282) + ### CVE-2018-3284 (2018-10-16) @@ -31185,6 +32490,54 @@ An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versi - [bigric3/CVE-2018-4901](https://github.com/bigric3/CVE-2018-4901) +### CVE-2018-4919 (2018-05-19) + + +Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. + + +- [Live-Hack-CVE/CVE-2018-4919](https://github.com/Live-Hack-CVE/CVE-2018-4919) + +### CVE-2018-4920 (2018-05-19) + + +Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. + + +- [Live-Hack-CVE/CVE-2018-4920](https://github.com/Live-Hack-CVE/CVE-2018-4920) + +### CVE-2018-4934 (2018-05-19) + + +Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. + + +- [Live-Hack-CVE/CVE-2018-4934](https://github.com/Live-Hack-CVE/CVE-2018-4934) + +### CVE-2018-4935 (2018-05-19) + + +Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. + + +- [Live-Hack-CVE/CVE-2018-4935](https://github.com/Live-Hack-CVE/CVE-2018-4935) + +### CVE-2018-4936 (2018-05-19) + + +Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. + + +- [Live-Hack-CVE/CVE-2018-4936](https://github.com/Live-Hack-CVE/CVE-2018-4936) + +### CVE-2018-4937 (2018-05-19) + + +Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. + + +- [Live-Hack-CVE/CVE-2018-4937](https://github.com/Live-Hack-CVE/CVE-2018-4937) + ### CVE-2018-5146 (2018-06-11) @@ -31507,6 +32860,14 @@ Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editin - [pradeepjairamani/WolfCMS-XSS-POC](https://github.com/pradeepjairamani/WolfCMS-XSS-POC) +### CVE-2018-6891 (2018-02-11) + + +Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. + + +- [Live-Hack-CVE/CVE-2018-6891](https://github.com/Live-Hack-CVE/CVE-2018-6891) + ### CVE-2018-6892 (2018-02-11) @@ -32584,6 +33945,14 @@ Buffer overflow in OPC UA applications allows remote attackers to trigger a stac - [kevinherron/stack-overflow-poc](https://github.com/kevinherron/stack-overflow-poc) +### CVE-2018-12207 (2019-11-14) + + +Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. + + +- [Live-Hack-CVE/CVE-2018-12207](https://github.com/Live-Hack-CVE/CVE-2018-12207) + ### CVE-2018-12326 (2018-06-17) @@ -32766,6 +34135,14 @@ The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 all - [shinecome/zip](https://github.com/shinecome/zip) +### CVE-2018-13447 (2018-07-08) + + +SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. + + +- [Live-Hack-CVE/CVE-2018-13447](https://github.com/Live-Hack-CVE/CVE-2018-13447) + ### CVE-2018-13784 (2018-07-09) @@ -33762,6 +35139,46 @@ The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-o - [Live-Hack-CVE/CVE-2018-19939](https://github.com/Live-Hack-CVE/CVE-2018-19939) +### CVE-2018-19950 (2020-11-02) + + +If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. + + +- [Live-Hack-CVE/CVE-2018-19950](https://github.com/Live-Hack-CVE/CVE-2018-19950) + +### CVE-2018-19951 (2020-11-02) + + +If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. + + +- [Live-Hack-CVE/CVE-2018-19951](https://github.com/Live-Hack-CVE/CVE-2018-19951) + +### CVE-2018-19954 (2020-11-02) + + +The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. + + +- [Live-Hack-CVE/CVE-2018-19954](https://github.com/Live-Hack-CVE/CVE-2018-19954) + +### CVE-2018-19955 (2020-11-02) + + +The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. + + +- [Live-Hack-CVE/CVE-2018-19955](https://github.com/Live-Hack-CVE/CVE-2018-19955) + +### CVE-2018-19956 (2020-11-02) + + +The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. + + +- [Live-Hack-CVE/CVE-2018-19956](https://github.com/Live-Hack-CVE/CVE-2018-19956) + ### CVE-2018-19987 (2019-05-13) @@ -33770,6 +35187,46 @@ D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, D - [nahueldsanchez/blogpost_cve-2018-19987-analysis](https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis) +### CVE-2018-19992 (2019-01-03) + + +A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. + + +- [Live-Hack-CVE/CVE-2018-19992](https://github.com/Live-Hack-CVE/CVE-2018-19992) + +### CVE-2018-19993 (2019-01-03) + + +A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. + + +- [Live-Hack-CVE/CVE-2018-19993](https://github.com/Live-Hack-CVE/CVE-2018-19993) + +### CVE-2018-19994 (2019-01-03) + + +An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. + + +- [Live-Hack-CVE/CVE-2018-19994](https://github.com/Live-Hack-CVE/CVE-2018-19994) + +### CVE-2018-19995 (2019-01-03) + + +A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. + + +- [Live-Hack-CVE/CVE-2018-19995](https://github.com/Live-Hack-CVE/CVE-2018-19995) + +### CVE-2018-19998 (2019-01-03) + + +SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. + + +- [Live-Hack-CVE/CVE-2018-19998](https://github.com/Live-Hack-CVE/CVE-2018-19998) + ### CVE-2018-20062 (2018-12-11) @@ -33836,6 +35293,14 @@ Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build - [Alexandre-Bartel/CVE-2018-20343](https://github.com/Alexandre-Bartel/CVE-2018-20343) +### CVE-2018-20432 (2020-09-14) + + +D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. + + +- [Live-Hack-CVE/CVE-2018-20432](https://github.com/Live-Hack-CVE/CVE-2018-20432) + ### CVE-2018-20433 (2018-12-24) @@ -34464,6 +35929,198 @@ An exploitable code execution vulnerability exists in the trapper command functi - [listenquiet/cve-2017-2824-reverse-shell](https://github.com/listenquiet/cve-2017-2824-reverse-shell) +### CVE-2017-2926 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2926](https://github.com/Live-Hack-CVE/CVE-2017-2926) + +### CVE-2017-2928 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2928](https://github.com/Live-Hack-CVE/CVE-2017-2928) + +### CVE-2017-2930 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2930](https://github.com/Live-Hack-CVE/CVE-2017-2930) + +### CVE-2017-2931 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2931](https://github.com/Live-Hack-CVE/CVE-2017-2931) + +### CVE-2017-2932 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2932](https://github.com/Live-Hack-CVE/CVE-2017-2932) + +### CVE-2017-2933 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2933](https://github.com/Live-Hack-CVE/CVE-2017-2933) + +### CVE-2017-2934 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2934](https://github.com/Live-Hack-CVE/CVE-2017-2934) + +### CVE-2017-2935 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2935](https://github.com/Live-Hack-CVE/CVE-2017-2935) + +### CVE-2017-2936 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2936](https://github.com/Live-Hack-CVE/CVE-2017-2936) + +### CVE-2017-2937 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2937](https://github.com/Live-Hack-CVE/CVE-2017-2937) + +### CVE-2017-2938 (2017-01-10) + + +Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. + + +- [Live-Hack-CVE/CVE-2017-2938](https://github.com/Live-Hack-CVE/CVE-2017-2938) + +### CVE-2017-2982 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2982](https://github.com/Live-Hack-CVE/CVE-2017-2982) + +### CVE-2017-2984 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2984](https://github.com/Live-Hack-CVE/CVE-2017-2984) + +### CVE-2017-2985 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2985](https://github.com/Live-Hack-CVE/CVE-2017-2985) + +### CVE-2017-2986 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2986](https://github.com/Live-Hack-CVE/CVE-2017-2986) + +### CVE-2017-2987 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2987](https://github.com/Live-Hack-CVE/CVE-2017-2987) + +### CVE-2017-2988 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2988](https://github.com/Live-Hack-CVE/CVE-2017-2988) + +### CVE-2017-2990 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2990](https://github.com/Live-Hack-CVE/CVE-2017-2990) + +### CVE-2017-2991 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2991](https://github.com/Live-Hack-CVE/CVE-2017-2991) + +### CVE-2017-2992 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2992](https://github.com/Live-Hack-CVE/CVE-2017-2992) + +### CVE-2017-2993 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2993](https://github.com/Live-Hack-CVE/CVE-2017-2993) + +### CVE-2017-2994 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2994](https://github.com/Live-Hack-CVE/CVE-2017-2994) + +### CVE-2017-2995 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2995](https://github.com/Live-Hack-CVE/CVE-2017-2995) + +### CVE-2017-2996 (2017-02-15) + + +Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-2996](https://github.com/Live-Hack-CVE/CVE-2017-2996) + ### CVE-2017-3000 (2017-03-14) @@ -34489,6 +36146,22 @@ Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory co - [homjxi0e/CVE-2017-3078](https://github.com/homjxi0e/CVE-2017-3078) +### CVE-2017-3085 (2017-08-11) + + +Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. + + +- [Live-Hack-CVE/CVE-2017-3085](https://github.com/Live-Hack-CVE/CVE-2017-3085) + +### CVE-2017-3106 (2017-08-11) + + +Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2017-3106](https://github.com/Live-Hack-CVE/CVE-2017-3106) + ### CVE-2017-3143 (2019-01-16) @@ -35150,6 +36823,30 @@ In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read o - [snknritr/CVE-2017-7679-in-python](https://github.com/snknritr/CVE-2017-7679-in-python) +### CVE-2017-7886 (2017-05-10) + + +Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. + + +- [Live-Hack-CVE/CVE-2017-7886](https://github.com/Live-Hack-CVE/CVE-2017-7886) + +### CVE-2017-7887 (2017-05-10) + + +Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. + + +- [Live-Hack-CVE/CVE-2017-7887](https://github.com/Live-Hack-CVE/CVE-2017-7887) + +### CVE-2017-7888 (2017-05-10) + + +Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. + + +- [Live-Hack-CVE/CVE-2017-7888](https://github.com/Live-Hack-CVE/CVE-2017-7888) + ### CVE-2017-7912 (2019-04-08) @@ -35395,6 +37092,14 @@ The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 a - [Live-Hack-CVE/CVE-2017-8847](https://github.com/Live-Hack-CVE/CVE-2017-8847) +### CVE-2017-8879 (2017-05-10) + + +Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. + + +- [Live-Hack-CVE/CVE-2017-8879](https://github.com/Live-Hack-CVE/CVE-2017-8879) + ### CVE-2017-8890 (2017-05-10) @@ -35838,6 +37543,14 @@ Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability ex - [faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc](https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc) +### CVE-2017-11683 (2017-07-27) + + +There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. + + +- [Live-Hack-CVE/CVE-2017-11683](https://github.com/Live-Hack-CVE/CVE-2017-11683) + ### CVE-2017-11774 (2017-10-13) @@ -37009,6 +38722,46 @@ Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obt - [0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736](https://github.com/0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736) +### CVE-2017-17897 (2017-12-24) + + +SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. + + +- [Live-Hack-CVE/CVE-2017-17897](https://github.com/Live-Hack-CVE/CVE-2017-17897) + +### CVE-2017-17898 (2017-12-24) + + +Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. + + +- [Live-Hack-CVE/CVE-2017-17898](https://github.com/Live-Hack-CVE/CVE-2017-17898) + +### CVE-2017-17899 (2017-12-24) + + +SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. + + +- [Live-Hack-CVE/CVE-2017-17899](https://github.com/Live-Hack-CVE/CVE-2017-17899) + +### CVE-2017-17900 (2017-12-24) + + +SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. + + +- [Live-Hack-CVE/CVE-2017-17900](https://github.com/Live-Hack-CVE/CVE-2017-17900) + +### CVE-2017-17971 (2017-12-29) + + +The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. + + +- [Live-Hack-CVE/CVE-2017-17971](https://github.com/Live-Hack-CVE/CVE-2017-17971) + ### CVE-2017-18044 (2018-01-19) @@ -37049,6 +38802,14 @@ An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VN - [ShielderSec/CVE-2017-18635](https://github.com/ShielderSec/CVE-2017-18635) +### CVE-2017-18926 (2020-11-06) + + +raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). + + +- [Live-Hack-CVE/CVE-2017-18926](https://github.com/Live-Hack-CVE/CVE-2017-18926) + ### CVE-2017-98505 - [mike-williams/Struts2Vuln](https://github.com/mike-williams/Struts2Vuln) @@ -37204,6 +38965,14 @@ phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weak - [Villaquiranm/5MMISSI-CVE-2017-1000499](https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499) +### CVE-2017-1000509 (2018-02-09) + + +Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. + + +- [Live-Hack-CVE/CVE-2017-1000509](https://github.com/Live-Hack-CVE/CVE-2017-1000509) + ### CVE-2017-1002101 (2018-03-13) @@ -37660,6 +39429,14 @@ Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x b - [Live-Hack-CVE/CVE-2016-1010](https://github.com/Live-Hack-CVE/CVE-2016-1010) +### CVE-2016-1019 (2016-04-07) + + +Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. + + +- [Live-Hack-CVE/CVE-2016-1019](https://github.com/Live-Hack-CVE/CVE-2016-1019) + ### CVE-2016-1240 (2016-10-03) @@ -37771,6 +39548,14 @@ The client in OpenSSH before 7.2 mishandles failed cookie generation for untrust - [Live-Hack-CVE/CVE-2016-1908](https://github.com/Live-Hack-CVE/CVE-2016-1908) +### CVE-2016-2031 (2020-01-31) + + +Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. + + +- [Live-Hack-CVE/CVE-2016-2031](https://github.com/Live-Hack-CVE/CVE-2016-2031) + ### CVE-2016-2067 (2016-07-10) @@ -38230,6 +40015,54 @@ Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on - [Live-Hack-CVE/CVE-2016-4163](https://github.com/Live-Hack-CVE/CVE-2016-4163) +### CVE-2016-4271 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. + + +- [Live-Hack-CVE/CVE-2016-4271](https://github.com/Live-Hack-CVE/CVE-2016-4271) + +### CVE-2016-4273 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-4273](https://github.com/Live-Hack-CVE/CVE-2016-4273) + +### CVE-2016-4274 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4274](https://github.com/Live-Hack-CVE/CVE-2016-4274) + +### CVE-2016-4275 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4275](https://github.com/Live-Hack-CVE/CVE-2016-4275) + +### CVE-2016-4276 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4276](https://github.com/Live-Hack-CVE/CVE-2016-4276) + +### CVE-2016-4277 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278. + + +- [Live-Hack-CVE/CVE-2016-4277](https://github.com/Live-Hack-CVE/CVE-2016-4277) + ### CVE-2016-4278 (2016-09-14) @@ -38238,6 +40071,62 @@ Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on - [Live-Hack-CVE/CVE-2016-4278](https://github.com/Live-Hack-CVE/CVE-2016-4278) +### CVE-2016-4280 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4280](https://github.com/Live-Hack-CVE/CVE-2016-4280) + +### CVE-2016-4281 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4281](https://github.com/Live-Hack-CVE/CVE-2016-4281) + +### CVE-2016-4282 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4282](https://github.com/Live-Hack-CVE/CVE-2016-4282) + +### CVE-2016-4283 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4283](https://github.com/Live-Hack-CVE/CVE-2016-4283) + +### CVE-2016-4284 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4284](https://github.com/Live-Hack-CVE/CVE-2016-4284) + +### CVE-2016-4285 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-6922, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-4285](https://github.com/Live-Hack-CVE/CVE-2016-4285) + +### CVE-2016-4287 (2016-09-14) + + +Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors. + + +- [Live-Hack-CVE/CVE-2016-4287](https://github.com/Live-Hack-CVE/CVE-2016-4287) + ### CVE-2016-4432 (2016-06-01) @@ -38692,6 +40581,22 @@ Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check i - [TSNGL21/CVE-2016-6801](https://github.com/TSNGL21/CVE-2016-6801) +### CVE-2016-6922 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924. + + +- [Live-Hack-CVE/CVE-2016-6922](https://github.com/Live-Hack-CVE/CVE-2016-6922) + +### CVE-2016-6924 (2016-09-14) + + +Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922. + + +- [Live-Hack-CVE/CVE-2016-6924](https://github.com/Live-Hack-CVE/CVE-2016-6924) + ### CVE-2016-6931 (2016-09-14) @@ -38700,6 +40605,86 @@ Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x th - [Live-Hack-CVE/CVE-2016-6931](https://github.com/Live-Hack-CVE/CVE-2016-6931) +### CVE-2016-6981 (2016-10-13) + + +Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987. + + +- [Live-Hack-CVE/CVE-2016-6981](https://github.com/Live-Hack-CVE/CVE-2016-6981) + +### CVE-2016-6982 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6982](https://github.com/Live-Hack-CVE/CVE-2016-6982) + +### CVE-2016-6983 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6983](https://github.com/Live-Hack-CVE/CVE-2016-6983) + +### CVE-2016-6984 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6984](https://github.com/Live-Hack-CVE/CVE-2016-6984) + +### CVE-2016-6985 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6985](https://github.com/Live-Hack-CVE/CVE-2016-6985) + +### CVE-2016-6986 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6986](https://github.com/Live-Hack-CVE/CVE-2016-6986) + +### CVE-2016-6987 (2016-10-13) + + +Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981. + + +- [Live-Hack-CVE/CVE-2016-6987](https://github.com/Live-Hack-CVE/CVE-2016-6987) + +### CVE-2016-6989 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6990. + + +- [Live-Hack-CVE/CVE-2016-6989](https://github.com/Live-Hack-CVE/CVE-2016-6989) + +### CVE-2016-6990 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6989. + + +- [Live-Hack-CVE/CVE-2016-6990](https://github.com/Live-Hack-CVE/CVE-2016-6990) + +### CVE-2016-6992 (2016-10-13) + + +Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." + + +- [Live-Hack-CVE/CVE-2016-6992](https://github.com/Live-Hack-CVE/CVE-2016-6992) + ### CVE-2016-7117 (2016-10-10) @@ -38762,6 +40747,142 @@ Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows - [swagatbora90/CheckFlashPlayerVersion](https://github.com/swagatbora90/CheckFlashPlayerVersion) +### CVE-2016-7867 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7867](https://github.com/Live-Hack-CVE/CVE-2016-7867) + +### CVE-2016-7868 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7868](https://github.com/Live-Hack-CVE/CVE-2016-7868) + +### CVE-2016-7869 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7869](https://github.com/Live-Hack-CVE/CVE-2016-7869) + +### CVE-2016-7870 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7870](https://github.com/Live-Hack-CVE/CVE-2016-7870) + +### CVE-2016-7871 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7871](https://github.com/Live-Hack-CVE/CVE-2016-7871) + +### CVE-2016-7872 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7872](https://github.com/Live-Hack-CVE/CVE-2016-7872) + +### CVE-2016-7873 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7873](https://github.com/Live-Hack-CVE/CVE-2016-7873) + +### CVE-2016-7874 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7874](https://github.com/Live-Hack-CVE/CVE-2016-7874) + +### CVE-2016-7875 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7875](https://github.com/Live-Hack-CVE/CVE-2016-7875) + +### CVE-2016-7876 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7876](https://github.com/Live-Hack-CVE/CVE-2016-7876) + +### CVE-2016-7877 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7877](https://github.com/Live-Hack-CVE/CVE-2016-7877) + +### CVE-2016-7878 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7878](https://github.com/Live-Hack-CVE/CVE-2016-7878) + +### CVE-2016-7879 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7879](https://github.com/Live-Hack-CVE/CVE-2016-7879) + +### CVE-2016-7880 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7880](https://github.com/Live-Hack-CVE/CVE-2016-7880) + +### CVE-2016-7881 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7881](https://github.com/Live-Hack-CVE/CVE-2016-7881) + +### CVE-2016-7890 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. + + +- [Live-Hack-CVE/CVE-2016-7890](https://github.com/Live-Hack-CVE/CVE-2016-7890) + +### CVE-2016-7892 (2016-12-15) + + +Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution. + + +- [Live-Hack-CVE/CVE-2016-7892](https://github.com/Live-Hack-CVE/CVE-2016-7892) + ### CVE-2016-7913 (2016-11-15) @@ -40860,6 +42981,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - [pierceoneill/bleeding-heart](https://github.com/pierceoneill/bleeding-heart) - [k4u5h41/CVE-2014-0160_Heartbleed](https://github.com/k4u5h41/CVE-2014-0160_Heartbleed) - [GardeniaWhite/fuzzing](https://github.com/GardeniaWhite/fuzzing) +- [Live-Hack-CVE/CVE-2014-0160](https://github.com/Live-Hack-CVE/CVE-2014-0160) ### CVE-2014-0166 (2014-04-09) @@ -40996,6 +43118,94 @@ Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obta - [tihmstar/freePW_tc7200Eploit](https://github.com/tihmstar/freePW_tc7200Eploit) +### CVE-2014-1705 (2014-03-16) + + +Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2014-1705](https://github.com/Live-Hack-CVE/CVE-2014-1705) + +### CVE-2014-1713 (2014-03-16) + + +Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. + + +- [Live-Hack-CVE/CVE-2014-1713](https://github.com/Live-Hack-CVE/CVE-2014-1713) + +### CVE-2014-1714 (2014-03-16) + + +The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. + + +- [Live-Hack-CVE/CVE-2014-1714](https://github.com/Live-Hack-CVE/CVE-2014-1714) + +### CVE-2014-1715 (2014-03-16) + + +Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. + + +- [Live-Hack-CVE/CVE-2014-1715](https://github.com/Live-Hack-CVE/CVE-2014-1715) + +### CVE-2014-1730 (2014-04-26) + + +Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. + + +- [Live-Hack-CVE/CVE-2014-1730](https://github.com/Live-Hack-CVE/CVE-2014-1730) + +### CVE-2014-1731 (2014-04-26) + + +core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. + + +- [Live-Hack-CVE/CVE-2014-1731](https://github.com/Live-Hack-CVE/CVE-2014-1731) + +### CVE-2014-1732 (2014-04-26) + + +Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. + + +- [Live-Hack-CVE/CVE-2014-1732](https://github.com/Live-Hack-CVE/CVE-2014-1732) + +### CVE-2014-1733 (2014-04-26) + + +The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. + + +- [Live-Hack-CVE/CVE-2014-1733](https://github.com/Live-Hack-CVE/CVE-2014-1733) + +### CVE-2014-1734 (2014-04-26) + + +Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2014-1734](https://github.com/Live-Hack-CVE/CVE-2014-1734) + +### CVE-2014-1735 (2014-04-26) + + +Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2014-1735](https://github.com/Live-Hack-CVE/CVE-2014-1735) + +### CVE-2014-1736 (2014-05-06) + + +Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. + + +- [Live-Hack-CVE/CVE-2014-1736](https://github.com/Live-Hack-CVE/CVE-2014-1736) + ### CVE-2014-1767 (2014-07-08) @@ -41103,6 +43313,14 @@ The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 - [elongl/CVE-2014-3153](https://github.com/elongl/CVE-2014-3153) - [c4mx/Linux-kernel-code-injection_CVE-2014-3153](https://github.com/c4mx/Linux-kernel-code-injection_CVE-2014-3153) +### CVE-2014-3166 (2014-08-12) + + +The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. + + +- [Live-Hack-CVE/CVE-2014-3166](https://github.com/Live-Hack-CVE/CVE-2014-3166) + ### CVE-2014-3341 (2014-08-19) @@ -41156,6 +43374,22 @@ The expandArguments function in the database abstraction API in Drupal core 7.x - [happynote3966/CVE-2014-3704](https://github.com/happynote3966/CVE-2014-3704) - [AleDiBen/Drupalgeddon](https://github.com/AleDiBen/Drupalgeddon) +### CVE-2014-3991 (2014-07-11) + + +Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. + + +- [Live-Hack-CVE/CVE-2014-3991](https://github.com/Live-Hack-CVE/CVE-2014-3991) + +### CVE-2014-3992 (2014-07-11) + + +Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. + + +- [Live-Hack-CVE/CVE-2014-3992](https://github.com/Live-Hack-CVE/CVE-2014-3992) + ### CVE-2014-4014 (2014-06-23) @@ -41289,6 +43523,14 @@ The Linux kernel before 3.15.4 on Intel processors does not properly restrict us - [vnik5287/cve-2014-4699-ptrace](https://github.com/vnik5287/cve-2014-4699-ptrace) +### CVE-2014-4717 (2014-07-03) + + +Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts. + + +- [Live-Hack-CVE/CVE-2014-4717](https://github.com/Live-Hack-CVE/CVE-2014-4717) + ### CVE-2014-4936 (2014-12-16) @@ -41696,6 +43938,134 @@ The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), - [Live-Hack-CVE/CVE-2013-0791](https://github.com/Live-Hack-CVE/CVE-2013-0791) +### CVE-2013-0881 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. + + +- [Live-Hack-CVE/CVE-2013-0881](https://github.com/Live-Hack-CVE/CVE-2013-0881) + +### CVE-2013-0882 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. + + +- [Live-Hack-CVE/CVE-2013-0882](https://github.com/Live-Hack-CVE/CVE-2013-0882) + +### CVE-2013-0883 (2013-02-23) + + +Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. + + +- [Live-Hack-CVE/CVE-2013-0883](https://github.com/Live-Hack-CVE/CVE-2013-0883) + +### CVE-2013-0884 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. + + +- [Live-Hack-CVE/CVE-2013-0884](https://github.com/Live-Hack-CVE/CVE-2013-0884) + +### CVE-2013-0885 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. + + +- [Live-Hack-CVE/CVE-2013-0885](https://github.com/Live-Hack-CVE/CVE-2013-0885) + +### CVE-2013-0887 (2013-02-23) + + +The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. + + +- [Live-Hack-CVE/CVE-2013-0887](https://github.com/Live-Hack-CVE/CVE-2013-0887) + +### CVE-2013-0888 (2013-02-23) + + +Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads." + + +- [Live-Hack-CVE/CVE-2013-0888](https://github.com/Live-Hack-CVE/CVE-2013-0888) + +### CVE-2013-0889 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. + + +- [Live-Hack-CVE/CVE-2013-0889](https://github.com/Live-Hack-CVE/CVE-2013-0889) + +### CVE-2013-0890 (2013-02-23) + + +Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2013-0890](https://github.com/Live-Hack-CVE/CVE-2013-0890) + +### CVE-2013-0891 (2013-02-23) + + +Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob. + + +- [Live-Hack-CVE/CVE-2013-0891](https://github.com/Live-Hack-CVE/CVE-2013-0891) + +### CVE-2013-0892 (2013-02-23) + + +Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2013-0892](https://github.com/Live-Hack-CVE/CVE-2013-0892) + +### CVE-2013-0893 (2013-02-23) + + +Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media. + + +- [Live-Hack-CVE/CVE-2013-0893](https://github.com/Live-Hack-CVE/CVE-2013-0893) + +### CVE-2013-0895 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. + + +- [Live-Hack-CVE/CVE-2013-0895](https://github.com/Live-Hack-CVE/CVE-2013-0895) + +### CVE-2013-0896 (2013-02-23) + + +Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2013-0896](https://github.com/Live-Hack-CVE/CVE-2013-0896) + +### CVE-2013-0897 (2013-02-23) + + +Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document. + + +- [Live-Hack-CVE/CVE-2013-0897](https://github.com/Live-Hack-CVE/CVE-2013-0897) + +### CVE-2013-0900 (2013-02-23) + + +Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2013-0900](https://github.com/Live-Hack-CVE/CVE-2013-0900) + ### CVE-2013-225 - [ninj4c0d3r/ShellEvil](https://github.com/ninj4c0d3r/ShellEvil) @@ -41801,6 +44171,30 @@ Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4 - [bl4ck5un/cve-2013-2072](https://github.com/bl4ck5un/cve-2013-2072) +### CVE-2013-2091 (2019-11-20) + + +SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. + + +- [Live-Hack-CVE/CVE-2013-2091](https://github.com/Live-Hack-CVE/CVE-2013-2091) + +### CVE-2013-2092 (2019-11-20) + + +Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. + + +- [Live-Hack-CVE/CVE-2013-2092](https://github.com/Live-Hack-CVE/CVE-2013-2092) + +### CVE-2013-2093 (2019-11-20) + + +Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. + + +- [Live-Hack-CVE/CVE-2013-2093](https://github.com/Live-Hack-CVE/CVE-2013-2093) + ### CVE-2013-2094 (2013-05-14) @@ -42135,6 +44529,38 @@ The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attacker - [Everdoh/CVE-2013-6490](https://github.com/Everdoh/CVE-2013-6490) +### CVE-2013-6641 (2014-01-16) + + +Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. + + +- [Live-Hack-CVE/CVE-2013-6641](https://github.com/Live-Hack-CVE/CVE-2013-6641) + +### CVE-2013-6644 (2014-01-16) + + +Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. + + +- [Live-Hack-CVE/CVE-2013-6644](https://github.com/Live-Hack-CVE/CVE-2013-6644) + +### CVE-2013-6645 (2014-01-16) + + +Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. + + +- [Live-Hack-CVE/CVE-2013-6645](https://github.com/Live-Hack-CVE/CVE-2013-6645) + +### CVE-2013-6646 (2014-01-16) + + +Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. + + +- [Live-Hack-CVE/CVE-2013-6646](https://github.com/Live-Hack-CVE/CVE-2013-6646) + ### CVE-2013-6668 (2014-03-04) @@ -42195,6 +44621,22 @@ The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before - [Live-Hack-CVE/CVE-2012-0777](https://github.com/Live-Hack-CVE/CVE-2012-0777) +### CVE-2012-1225 (2012-02-20) + + +Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. + + +- [Live-Hack-CVE/CVE-2012-1225](https://github.com/Live-Hack-CVE/CVE-2012-1225) + +### CVE-2012-1226 (2012-02-20) + + +Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. + + +- [Live-Hack-CVE/CVE-2012-1226](https://github.com/Live-Hack-CVE/CVE-2012-1226) + ### CVE-2012-1675 (2012-05-08) @@ -42655,6 +45097,30 @@ The simplexml_load_string function in the XML import plug-in (libraries/import/x - [SECFORCE/CVE-2011-4107](https://github.com/SECFORCE/CVE-2011-4107) +### CVE-2011-4329 (2011-11-28) + + +Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. + + +- [Live-Hack-CVE/CVE-2011-4329](https://github.com/Live-Hack-CVE/CVE-2011-4329) + +### CVE-2011-4802 (2011-12-13) + + +Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. + + +- [Live-Hack-CVE/CVE-2011-4802](https://github.com/Live-Hack-CVE/CVE-2011-4802) + +### CVE-2011-4814 (2011-12-13) + + +Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. + + +- [Live-Hack-CVE/CVE-2011-4814](https://github.com/Live-Hack-CVE/CVE-2011-4814) + ### CVE-2011-4862 (2011-12-24) @@ -43745,6 +46211,7 @@ The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the clie - [Balasys/dheater](https://github.com/Balasys/dheater) +- [Live-Hack-CVE/CVE-2002-20001](https://github.com/Live-Hack-CVE/CVE-2002-20001) ## 2001 @@ -43853,6 +46320,14 @@ Land IP denial of service. - [pexmee/CVE-1999-0016-Land-DOS-tool](https://github.com/pexmee/CVE-1999-0016-Land-DOS-tool) - [Pommaq/CVE-1999-0016-POC](https://github.com/Pommaq/CVE-1999-0016-POC) +### CVE-1999-0524 (2000-02-04) + + +ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. + + +- [Live-Hack-CVE/CVE-1999-0524](https://github.com/Live-Hack-CVE/CVE-1999-0524) + ### CVE-1999-0532 (2000-02-04)