Mohamed Ghannam

10 exploits Active since Nov 2017
CVE-2023-28206 NOMISEC HIGH WORKING POC
Apple Ipados < 15.7.5 - Out-of-Bounds Write
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
8 stars
CVSS 8.6
CVE-2022-32898 NOMISEC HIGH WRITEUP
Apple Ipados < 15.7 - Denial of Service
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVSS 7.8
CVE-2018-5333 METASPLOIT MEDIUM ruby WORKING POC
Linux kernel <4.14.13 - Memory Corruption
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVSS 5.5
CVE-2018-5333 EXPLOITDB MEDIUM ruby WORKING POC
Linux kernel <4.14.13 - Memory Corruption
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVSS 5.5
CVE-2017-17712 WRITEUP HIGH WRITEUP
Linux Kernel < 4.1.52 - Race Condition
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
CVSS 7.0
CVE-2018-5332 WRITEUP HIGH WRITEUP
Linux kernel <3.2 - Memory Corruption
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
CVSS 7.8
CVE-2019-9213 METASPLOIT MEDIUM ruby WORKING POC
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVSS 5.5
CVE-2019-9213 EXPLOITDB MEDIUM ruby WORKING POC
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVSS 5.5
CVE-2017-16939 EXPLOITDB HIGH WORKING POC
Linux kernel <4.13.11 - Privilege Escalation/DoS
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVSS 7.8
CVE-2017-8824 EXPLOITDB HIGH c WORKING POC
Linux Kernel < 3.2.97 - Use After Free
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVSS 7.8