nanopathi

58 exploits Active since Jun 2020
CVE-2021-0339 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via WindowContainer Animation Handling
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
1 stars
CVSS 7.8
CVE-2021-0472 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via App Pinning Permissions Bypass
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033
1 stars
CVSS 7.8
CVE-2021-0325 NOMISEC HIGH WRITEUP
Android -8.1,9,10,11 - Buffer Overflow
In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784
1 stars
CVSS 8.8
CVE-2021-0437 GITLAB HIGH WRITEUP
Android - Double Free in DrmPlugin.cpp
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
CVSS 7.8
CVE-2021-0435 GITLAB HIGH WRITEUP
Android - Remote Information Disclosure via Uninitialized Data in avrc_proc_vendor_command
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
CVSS 7.5
CVE-2020-0453 GITLAB MEDIUM WRITEUP
Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
CVSS 5.5
CVE-2020-25705 GITLAB HIGH STUB
Linux Kernel < 5.10.0 - UDP Port Scan via ICMP Packet Source Port Prediction
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
CVSS 7.4
CVE-2020-0463 GITLAB HIGH WRITEUP
Android - Out-of-bounds Read in Bluetooth SDP Server
In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531
CVSS 7.5
CVE-2022-22822 NOMISEC CRITICAL STUB
libexpat < 2.4.3 - Integer Overflow in addBinding
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS 9.8
CVE-2022-1012 NOMISEC HIGH
Linux Kernel < 5.18 - Memory Leak and Denial of Service via TCP Source Port Generation
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
CVSS 8.2
CVE-2021-46143 NOMISEC HIGH WRITEUP
libexpat < 2.4.3 - Integer Overflow in m_groupSize
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVSS 8.1
CVE-2021-39704 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via NotificationManagerService Permissions Bypass
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481
CVSS 7.8
CVE-2021-39692 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Tapjacking Overlay Attack
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539
CVSS 7.8
CVE-2021-45960 NOMISEC HIGH WRITEUP
libexpat < 2.4.3 - Integer Overflow via Left Shift in storeAtts
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS 8.8
CVE-2021-32399 NOMISEC HIGH STUB
Linux Kernel < 5.12.2 - Race Condition in HCI Controller Removal
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVSS 7.0
CVE-2021-3347 NOMISEC HIGH STUB
Linux Kernel < 5.10.11 - Use-After-Free in PI Futex Fault Handling
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
CVSS 7.8
CVE-2021-0513 NOMISEC HIGH WORKING POC
Android 8.1-11 - Unauthenticated Permission Bypass via NotificationManagerService State Validation
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809
CVSS 7.8
CVE-2021-0508 NOMISEC HIGH WRITEUP
Android 8.1-11 - Use-After-Free via Race Condition in DrmPlugin.cpp
In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154
CVSS 7.0
CVE-2021-0519 NOMISEC HIGH WRITEUP
Android - Out-of-bounds Write in BITSTREAM_FLUSH
In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-176533109
CVSS 7.8
CVE-2021-0476 NOMISEC HIGH WRITEUP
Android - Use-After-Free via Race Condition in FindOrCreatePeer
In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501
CVSS 7.0
CVE-2021-0326 NOMISEC HIGH STUB
Android - Out-of-bounds Write in p2p_copy_client_info
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
CVSS 7.5
CVE-2021-0507 NOMISEC HIGH WRITEUP
Android - Remote Code Execution via Bluetooth Out-of-bounds Write in btif_rc.cc
In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042
CVSS 8.8
CVE-2021-0520 NOMISEC HIGH WRITEUP
Android 10-11 - Use-After-Free via Race Condition in MemoryFileSystem
In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595
CVSS 7.0
CVE-2021-0318 NOMISEC HIGH WORKING POC
Android -<9,8.1,10,11 - Use After Free
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.
CVSS 7.8
CVE-2021-0315 NOMISEC HIGH WRITEUP
Android 8.0-11 - Tapjacking/Overlay Attack via GrantCredentialsPermissionActivity
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.
CVSS 7.3