SpiralBL0CK

41 exploits Active since Dec 2016
CVE-2025-23339 NOMISEC LOW WORKING POC
Nvidia Cuda Toolkit < 13.0.0 - Stack Buffer Overflow
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.
CVSS 3.3
CVE-2025-0087 NOMISEC MEDIUM WORKING POC
Android - Privilege Escalation
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.1
CVE-2024-31320 NOMISEC HIGH WORKING POC
Google Android - Improper Access Control
In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-39908 NOMISEC MEDIUM STUB
Ruby-lang Rexml < 3.3.2 - Denial of Service
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
CVSS 4.3
CVE-2024-22017 NOMISEC HIGH WORKING POC
Node.js >=18.18.0 - Privilege Escalation
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using versions greater than or equal to Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.
CVSS 7.3
CVE-2024-24685 NOMISEC HIGH STUB
libigl v2.5.0 - Buffer Overflow
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.
CVSS 7.8
CVE-2024-24684 NOMISEC HIGH NO CODE
libigl v2.5.0 - Buffer Overflow
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the header parsing occurring while processing an `.off` file via the `readOFF` function. We can see above that at [0] a stack-based buffer called `comment` is defined with a hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is unsafe and if the first line of the header of the `.off` files is longer than 1000 bytes it will overflow the `header` buffer.
CVSS 7.8
CVE-2024-24450 NOMISEC MEDIUM WORKING POC
OpenAirInterface CN5G AMF <= 2.0.0 - Buffer Overflow
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a sufficiently large FailedToSetupList IE.
CVSS 5.3
CVE-2024-24451 NOMISEC HIGH WORKING POC
OpenAirInterface CN5G AMF <v2.0.0 - DoS
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
CVSS 7.5
CVE-2024-0760 NOMISEC HIGH WORKING POC
BIND <9.18.27-9.19.24 - DoS
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
CVSS 7.5
CVE-2023-37456 NOMISEC MEDIUM STUB
Mozilla Firefox < 115 - NULL Pointer Dereference
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
CVSS 6.5
CVE-2022-37332 NOMISEC HIGH WORKING POC
Foxit Pdf Reader - Use After Free
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory by misusing the media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
CVSS 7.8
CVE-2022-32981 NOMISEC HIGH WORKING POC
Linux kernel <5.18.3 - Buffer Overflow
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
CVSS 7.8
CVE-2020-11097 NOMISEC LOW WORKING POC
FreeRDP <2.1.2 - Memory Corruption
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVSS 3.5
CVE-2016-2338 NOMISEC CRITICAL WORKING POC
Ruby - Out-of-Bounds Write
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array's size after that allocation and cause a heap overflow.
CVSS 9.8
CVE-2017-2903 NOMISEC HIGH
Blender - Integer Overflow
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVSS 7.8