Trinadh465

112 exploits Active since Jun 2015
CVE-2023-35828 NOMISEC HIGH WRITEUP
Linux Kernel < 6.3.2 - Use-After-Free in renesas_usb3_remove
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
CVSS 7.0
CVE-2023-21238 NOMISEC MEDIUM WORKING POC
Android - Local Information Disclosure via RemoteViews visitUris
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-21288 NOMISEC MEDIUM WORKING POC
Android - Missing Authorization in Notification URI Handling
In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-21282 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in TRANSPOSER_SETTINGS
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 8.8
CVE-2023-21284 NOMISEC MEDIUM WORKING POC
Android - Denial of Service via Find My Device Feature Manipulation
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-21251 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via ConfirmDialog Input Validation Bypass
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
CVSS 7.3
CVE-2023-26048 NOMISEC MEDIUM WRITEUP
Eclipse Jetty < 9.4.51 - Denial of Service via Multipart Request with Large Content
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).
CVSS 5.3
CVE-2023-21282 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in TRANSPOSER_SETTINGS
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 8.8
CVE-2023-21286 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via RemoteViews visitUris Permission Bypass
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-0464 NOMISEC HIGH STUB
OpenSSL 1.0.2-1.0.2zh - Denial of Service via Malicious X.509 Certificate Chain with Policy Constraints
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
CVSS 7.5
CVE-2023-20909 NOMISEC MEDIUM WORKING POC
Android - Missing Authorization in RunningTasks.java
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512
CVSS 5.5
CVE-2023-20909 NOMISEC MEDIUM
Android - Missing Authorization in RunningTasks.java
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512
CVSS 5.5
CVE-2022-45934 NOMISEC HIGH WORKING POC
Linux Kernel 2.6.32-4.9.337 - Integer Overflow via L2CAP Configuration Request
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVSS 7.8
CVE-2022-4304 NOMISEC MEDIUM STUB
OpenSSL - Timing Side-Channel Attack in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
CVSS 5.9
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat < 2.4.9 - Use-After-Free in XML_ExternalEntityParserCreate
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5
CVE-2022-45934 NOMISEC HIGH WRITEUP
Linux Kernel 2.6.32-4.9.337 - Integer Overflow via L2CAP Configuration Request
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVSS 7.8
CVE-2022-3564 NOMISEC MEDIUM STUB
Linux Kernel 3.6-4.9.332 - Use-After-Free in Bluetooth L2CAP SDU Reassembly
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
CVSS 5.5
CVE-2022-37434 NOMISEC CRITICAL
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
CVE-2023-21097 NOMISEC HIGH WORKING POC
Android 11-13 - Local Privilege Escalation via Intent toUriInner Confused Deputy
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325
CVSS 7.8
CVE-2023-20963 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via WorkSource Parcel Mismatch
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
CVSS 7.8
CVE-2023-21086 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via NFC Permissions Bypass
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970
CVSS 7.8
CVE-2022-37434 NOMISEC CRITICAL STUB
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
CVE-2023-21094 NOMISEC HIGH WORKING POC
Android - Missing Authorization in LayerState.cpp
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255
CVSS 7.8
CVE-2023-20933 NOMISEC HIGH WORKING POC
Android - Use-After-Free in MediaCodec.cpp
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753
CVSS 7.8
CVE-2023-20943 NOMISEC HIGH WORKING POC
Android - Path Traversal in ActivityManagerService.clearApplicationUserData
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890
CVSS 7.8