Live-Hack-CVE/CVE-2022-32952 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-28 05:41:10 +0000 UTC Push: 2023-01-28 05:41:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-32472 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-28 05:41:07 +0000 UTC Push: 2023-01-28 05:41:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-42400 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 05:41:03 +0000 UTC Push: 2023-01-28 05:41:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-42399 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data CVE project by @Sn0wAlice Create: 2023-01-28 05:41:00 +0000 UTC Push: 2023-01-28 05:41:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-42407 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice Create: 2023-01-28 05:40:55 +0000 UTC Push: 2023-01-28 05:40:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-42406 This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Craf CVE project by @Sn0wAlice Create: 2023-01-28 05:40:50 +0000 UTC Push: 2023-01-28 05:40:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-42405 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue re CVE project by @Sn0wAlice Create: 2023-01-28 05:40:47 +0000 UTC Push: 2023-01-28 05:40:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-42403 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue re CVE project by @Sn0wAlice Create: 2023-01-28 05:40:43 +0000 UTC Push: 2023-01-28 05:40:46 +0000 UTC |

Live-Hack-CVE/CVE-2020-14073 XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:38 +0000 UTC Push: 2023-01-28 05:40:41 +0000 UTC |

Live-Hack-CVE/CVE-2019-13033 In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional sc CVE project by @Sn0wAlice Create: 2023-01-28 05:40:35 +0000 UTC Push: 2023-01-28 05:40:37 +0000 UTC |

Live-Hack-CVE/CVE-2019-17637 In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:31 +0000 UTC Push: 2023-01-28 05:40:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-8559 The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:28 +0000 UTC Push: 2023-01-28 05:40:30 +0000 UTC |

Live-Hack-CVE/CVE-2020-8557 The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If CVE project by @Sn0wAlice Create: 2023-01-28 05:40:24 +0000 UTC Push: 2023-01-28 05:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2020-16207 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:20 +0000 UTC Push: 2023-01-28 05:40:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-17446 asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:16 +0000 UTC Push: 2023-01-28 05:40:18 +0000 UTC |

Live-Hack-CVE/CVE-2020-15689 Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:12 +0000 UTC Push: 2023-01-28 05:40:15 +0000 UTC |

Live-Hack-CVE/CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional p CVE project by @Sn0wAlice Create: 2023-01-28 05:40:09 +0000 UTC Push: 2023-01-28 05:40:11 +0000 UTC |

Live-Hack-CVE/CVE-2020-14968 An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creati CVE project by @Sn0wAlice Create: 2023-01-28 05:40:05 +0000 UTC Push: 2023-01-28 05:40:07 +0000 UTC |

Live-Hack-CVE/CVE-2017-2788 A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requ CVE project by @Sn0wAlice Create: 2023-01-28 05:40:01 +0000 UTC Push: 2023-01-28 05:40:03 +0000 UTC |

Live-Hack-CVE/CVE-2017-2820 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerabil CVE project by @Sn0wAlice Create: 2023-01-28 05:39:58 +0000 UTC Push: 2023-01-28 05:40:00 +0000 UTC |