Trinadh465

112 exploits Active since Jun 2015
CVE-2021-0509 NOMISEC HIGH WRITEUP
Android - Use-After-Free via Race Condition in CryptoPlugin.cpp
In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161
CVSS 7.0
CVE-2021-0511 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Dex2oat Bytecode Injection
In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795
CVSS 7.8
CVE-2021-0589 NOMISEC HIGH WRITEUP
Android -11,8.1,9,10 - Privilege Escalation
In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982
CVSS 7.8
CVE-2021-0640 NOMISEC HIGH WRITEUP
Android -10, -11, -9 - Privilege Escalation
In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-187957589
CVSS 7.8
CVE-2021-0705 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Background Service Restriction Bypass
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103
CVSS 7.8
CVE-2021-0963 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Tapjacking Overlay Attack
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277
CVSS 7.1
CVE-2021-22924 NOMISEC LOW STUB
libcurl 7.10.4-7.76.1 - Connection Reuse via Case-Insensitive Path Matching
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
CVSS 3.7
CVE-2021-23840 NOMISEC HIGH WRITEUP
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSS 7.5
CVE-2021-23841 NOMISEC MEDIUM WORKING POC
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Denial of Service via X509_issuer_and_serial_hash NULL Pointer Dereference
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSS 5.9
CVE-2021-0393 NOMISEC HIGH STUB
Android - Remote Code Execution via Integer Overflow in Scanner::LiteralBuffer::NewCapacity
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375
CVSS 7.8
CVE-2020-0155 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in phNxpNciHal_send_ese_hal_cmd
In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736386
CVSS 7.8
CVE-2020-15436 NOMISEC MEDIUM WRITEUP
Linux Kernel < 4.4.229 - Use After Free
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVSS 6.7
CVE-2020-0198 NOMISEC HIGH WORKING POC
Android - Integer Overflow in exif_data_load_data_content
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941
CVSS 7.5
CVE-2020-0201 NOMISEC CRITICAL WORKING POC
Android 10 - Credential Leak via WifiConfigController Confused Deputy
In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143601727
CVSS 9.8
CVE-2020-0418 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via Utils.java getPermissionInfosForGroup Logic Error
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813
CVSS 7.8
CVE-2020-0381 NOMISEC HIGH WORKING POC
Android - Integer Overflow to Out-of-Bounds Write in Parse_wave
In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150159669
CVSS 7.5
CVE-2020-0226 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via Type Confusion in Client.cpp
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994
CVSS 7.8
CVE-2020-0219 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via SliceDeepLinkSpringBoard Intent Handling
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
CVSS 7.8
CVE-2020-0203 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via UID Reuse in ProcessList.java
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311
CVSS 7.8
CVE-2020-0215 NOMISEC HIGH WORKING POC
Android - Bluetooth MAC Address Exposure via ConfirmConnectActivity Permissions Bypass
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248
CVSS 7.8
CVE-2020-0219 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via SliceDeepLinkSpringBoard Intent Handling
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
CVSS 7.8
CVE-2020-0181 NOMISEC HIGH WORKING POC
Android - Denial of Service via Integer Overflow in exif_data_load_data_thumbnail
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076
CVSS 7.5
CVE-2020-0188 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via PendingIntent Error in SettingsSliceProvider
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897
CVSS 7.8
CVE-2020-0453 NOMISEC MEDIUM WORKING POC
Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
CVSS 5.5
CVE-2019-10220 NOMISEC HIGH STUB
Linux kernel <4.9.0 - Path Traversal
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVSS 8.8