Moshe Kol

4 exploits, active since Jun 2020
CVE-2022-20421 NOMISEC HIGH WORKING POC
Android - Memory Corruption
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel.
280 stars
CVSS 7.8
CVE-2020-11896 NOMISEC CRITICAL WORKING POC
Treck TCP/IP < 6.0.1.66 - Out-of-Bounds Write
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
8 stars
CVSS 10.0
CVE-2020-7461 NOMISEC HIGH WORKING POC
FreeBSD - Out-of-Bounds Write
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.
1 star
CVSS 7.3
CVE-2022-32296 WRITEUP LOW WORKING POC
Linux kernel < 5.17.9 - Info Disclosure
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
CVSS 3.3