Satheesh575555

52 exploits Active since Aug 2014
CVE-2023-0386 NOMISEC HIGH WRITEUP
Local Privilege Escalation via CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
4 stars
CVSS 7.8
CVE-2022-36946 NOMISEC HIGH STUB
Linux Kernel 2.6.14-5.18.14 - Denial of Service via Negative skb->len in nfqnl_mangle
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
1 stars
CVSS 7.5
CVE-2022-20142 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
1 stars
CVSS 7.8
CVE-2022-36946 GITLAB HIGH STUB
Linux Kernel 2.6.14-5.18.14 - Denial of Service via Negative skb->len in nfqnl_mangle
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVSS 7.5
CVE-2021-0478 GITLAB HIGH WORKING POC
Android - Local Privilege Escalation via StatusBarIconView Exception Handling
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797
CVSS 7.8
CVE-2020-0245 GITLAB HIGH WRITEUP
Android - Out-of-bounds Write in DecodeFrameCombinedMode
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
CVSS 8.8
CVE-2023-28772 NOMISEC MEDIUM STUB
Linux kernel <5.13.3 - Buffer Overflow
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVSS 6.7
CVE-2023-21118 NOMISEC MEDIUM WORKING POC
Android - Out-of-bounds Read in Sensor.cpp unflattenString8
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
CVSS 5.5
CVE-2022-45934 NOMISEC HIGH WORKING POC
Linux Kernel 2.6.32-4.9.337 - Integer Overflow via L2CAP Configuration Request
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVSS 7.8
CVE-2022-42896 NOMISEC HIGH WRITEUP
Linux Kernel < 4.9.335 - Use-After-Free in Bluetooth L2CAP Core
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
CVSS 8.0
CVE-2022-42703 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.19.7 - Use-After-Free in anon_vma Reuse
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVSS 5.5
CVE-2022-20130 NOMISEC CRITICAL WORKING POC
Android -10,11,12,12L - Buffer Overflow
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
CVSS 9.8
CVE-2022-25236 NOMISEC CRITICAL WRITEUP
libexpat < 2.4.5 - Namespace URI Injection via Namespace-Separator Character
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS 9.8
CVE-2022-23990 NOMISEC HIGH STUB
libexpat < 2.4.4 - Integer Overflow in doProlog Function
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS 7.5
CVE-2022-23852 NOMISEC CRITICAL WRITEUP
libexpat < 2.4.4 - Integer Overflow in XML_GetBuffer
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVSS 9.8
CVE-2022-25235 NOMISEC CRITICAL STUB
libexpat < 2.4.5 - Improper Encoding or Escaping of Output
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS 9.8
CVE-2022-20338 NOMISEC LOW WORKING POC
Android 11-12L - Local Privilege Escalation via HierarchicalUri.readFrom Input Validation
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
CVSS 3.3
CVE-2021-45485 NOMISEC HIGH WRITEUP
Linux Kernel < 5.13.3 - Information Disclosure via IPv6 Source Address Hash Table
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVSS 7.5
CVE-2021-0313 NOMISEC HIGH WRITEUP
Android 8.0-11 - Denial of Service in LayoutUtils.cpp Word Break Handling
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.
CVSS 7.5
CVE-2021-23841 NOMISEC MEDIUM WRITEUP
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Denial of Service via X509_issuer_and_serial_hash NULL Pointer Dereference
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSS 5.9
CVE-2021-0397 NOMISEC CRITICAL WRITEUP
Android - Double Free in sdp_copy_raw_data
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148
CVSS 9.8
CVE-2021-0396 NOMISEC CRITICAL STUB
Android <11 - Remote Code Execution
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106
CVSS 9.8
CVE-2021-0506 NOMISEC HIGH WRITEUP
Android - Tapjacking/Overlay Attack via ActivityPicker Intent Resolution
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-181962311
CVSS 7.3
CVE-2021-0340 NOMISEC HIGH WRITEUP
Android 10 - Unredacted Location Information Leak in IsoInterface.java
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
CVSS 8.8
CVE-2021-0333 NOMISEC HIGH WRITEUP
Android - Tapjacking Permissions Bypass via Bluetooth Permission Dialog Overlay
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491
CVSS 7.3