Sn0wAlice

16 exploits Active since May 2020
CVE-2022-40363 NOMISEC MEDIUM WRITEUP
Flipper Zero Firmware < 0.65.2 - Denial of Service via NFC File Buffer Overflow
A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.
5 stars
CVSS 5.5
CVE-2020-36603 NOMISEC MEDIUM WRITEUP
Genshin Impact <1.0.0.0 - Code Injection
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
2 stars
CVSS 6.5
CVE-2023-21739 NOMISEC HIGH WRITEUP
Windows Bluetooth Driver - Privilege Escalation
Windows Bluetooth Driver Elevation of Privilege Vulnerability
1 stars
CVSS 7.0
CVE-2022-41114 NOMISEC HIGH WRITEUP
Windows Bind Filter Driver - Privilege Escalation
Windows Bind Filter Driver Elevation of Privilege Vulnerability
1 stars
CVSS 7.0
CVE-2022-40769 NOMISEC HIGH WRITEUP
profanity < 1.60 - Use of Cryptographically Weak PRNG
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
1 stars
CVSS 7.5
CVE-2023-24059 NOMISEC HIGH STUB
Grand Theft Auto V - Remote Code Execution
Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.
CVSS 7.3
CVE-2022-3464 NOMISEC MEDIUM STUB
puppyCMS < 5.1 - Cross-Site Scripting via site_name Argument in /admin/settings.php
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699.
CVSS 4.3
CVE-2022-34683 NOMISEC MEDIUM STUB
NVIDIA GPU Display Driver for Windows - Denial of Service via DxgkDdiEscape Null-Pointer Dereference
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.
CVSS 5.5
CVE-2022-44183 NOMISEC CRITICAL WRITEUP
Tenda AC18 V15.03.05.19 - Buffer Overflow
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
CVSS 9.8
CVE-2022-1329 NOMISEC HIGH WRITEUP
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
CVSS 8.8
CVE-2022-20607 NOMISEC HIGH WRITEUP
Android Pixel Cellular Firmware - Out-of-bounds Write
In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A
CVSS 8.8
CVE-2021-40113 NOMISEC CRITICAL SUSPICIOUS
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 10.0
CVE-2021-41160 NOMISEC MEDIUM WRITEUP
FreeRDP < 2.4.1 - Out-of-bounds Write via GDI or SurfaceCommands Graphics Updates
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
CVSS 5.3
CVE-2021-42205 NOMISEC MEDIUM WRITEUP
ELAN Miniport <24.21.51.2 - Use After Free
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
CVSS 4.7
CVE-2020-11019 NOMISEC MEDIUM WRITEUP
FreeRDP <= 2.0.0 - Out-of-bounds Read via WLOG_TRACE Logger
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
CVSS 4.3
CVE-2006-20001 NOMISEC HIGH STUB
Apache HTTP Server < 2.4.55 - Out-of-bounds Write via If Header
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
CVSS 7.5