Trinadh465

112 exploits Active since Jun 2015
CVE-2022-20126 NOMISEC HIGH WORKING POC
Android - Missing Authorization in AdapterService Bluetooth Discovery Mode
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023
3 stars
CVSS 7.3
CVE-2023-28588 NOMISEC HIGH NO CODE
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
1 stars
CVSS 7.5
CVE-2023-20911 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Permission Settings Exhaustion
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498
1 stars
CVSS 7.8
CVE-2022-20007 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Race Condition in RootWindowContainer
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
1 stars
CVSS 7.0
CVE-2022-20473 NOMISEC CRITICAL WORKING POC
Android - Out-of-bounds Read in LocaleListCache.cpp toLanguageTag
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173
1 stars
CVSS 9.8
CVE-2022-20138 NOMISEC HIGH WORKING POC
Android - Missing Authorization in DevicePolicyManagerService
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
1 stars
CVSS 7.8
CVE-2022-20338 NOMISEC LOW WORKING POC
Android 11-12L - Local Privilege Escalation via HierarchicalUri.readFrom Input Validation
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
1 stars
CVSS 3.3
CVE-2018-25032 NOMISEC HIGH STUB
zlib <1.2.12 - Memory Corruption
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
1 stars
CVSS 7.5
CVE-2015-3195 NOMISEC MEDIUM STUB
OpenSSL <1.0.2e - Info Disclosure
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
1 stars
CVSS 5.3
CVE-2015-3194 NOMISEC HIGH WORKING POC
OpenSSL 1.0.1-1.0.1q and 1.0.2-1.0.2e - Denial of Service via RSA PSS ASN.1 Signature
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
1 stars
CVSS 7.5
CVE-2023-5217 NOMISEC HIGH STUB
libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 8.8
CVE-2023-5217 NOMISEC HIGH STUB
libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 8.8
CVE-2023-40127 NOMISEC LOW WRITEUP
Android - Local Information Disclosure via Confused Deputy in Screenshot Access
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 3.3
CVE-2023-4128 NOMISEC STUB
Rejected
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
CVE-2023-40084 NOMISEC HIGH WORKING POC
Android - Use-After-Free in MDnsSdListener.cpp
In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-40127 NOMISEC LOW WRITEUP
Android - Local Information Disclosure via Confused Deputy in Screenshot Access
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 3.3
CVE-2023-21286 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via RemoteViews visitUris Permission Bypass
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-21284 NOMISEC MEDIUM WORKING POC
Android - Denial of Service via Find My Device Feature Manipulation
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-21288 NOMISEC MEDIUM WORKING POC
Android - Missing Authorization in Notification URI Handling
In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-21282 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in TRANSPOSER_SETTINGS
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 8.8
CVE-2023-21281 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via KeyguardViewMediator Logic Error
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-21282 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in TRANSPOSER_SETTINGS
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 8.8
CVE-2023-26048 NOMISEC MEDIUM WRITEUP
Eclipse Jetty < 9.4.51 - Denial of Service via Multipart Request with Large Content
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).
CVSS 5.3
CVE-2023-21275 NOMISEC HIGH WORKING POC
AdminIntegratedFlowPrepareActivity - Privilege Escalation
In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-21238 NOMISEC MEDIUM WORKING POC
Android - Local Information Disclosure via RemoteViews visitUris
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5