Gabriele Dattile

3 exploits Active since Mar 2023
CVE-2023-20963 GITHUB HIGH python WORKING POC
Google Android - Improper Certificate Validation
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
CVSS 7.8
CVE-2023-29017 GITHUB CRITICAL python WORKING POC
vm2 <3.9.15 - RCE
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
CVSS 10.0
CVE-2024-0044 GITHUB MEDIUM python WORKING POC
PackageInstallerService - Privilege Escalation
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 6.7