nanopathi

58 exploits Active since Jun 2020
CVE-2021-0340 NOMISEC HIGH WRITEUP
Android 10 - Unredacted Location Information Leak in IsoInterface.java
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
CVSS 8.8
CVE-2021-0391 NOMISEC HIGH WRITEUP
Android - Unauthenticated Account Existence Disclosure via Tapjacking Overlay Attack
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550
CVSS 7.8
CVE-2021-0394 NOMISEC MEDIUM
Android - Out-of-bounds Read in android_os_Parcel_readString8
In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291
CVSS 5.5
CVE-2021-0431 NOMISEC HIGH WRITEUP
Android - Out-of-bounds Read in avrc_msg_cback
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901
CVSS 7.5
CVE-2021-0435 NOMISEC HIGH WRITEUP
Android - Remote Information Disclosure via Uninitialized Data in avrc_proc_vendor_command
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
CVSS 7.5
CVE-2021-0437 NOMISEC HIGH WRITEUP
Android - Double Free in DrmPlugin.cpp
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
CVSS 7.8
CVE-2021-0476 NOMISEC HIGH WRITEUP
Android - Use-After-Free via Race Condition in FindOrCreatePeer
In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501
CVSS 7.0
CVE-2021-0508 NOMISEC HIGH WRITEUP
Android 8.1-11 - Use-After-Free via Race Condition in DrmPlugin.cpp
In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154
CVSS 7.0
CVE-2021-0513 NOMISEC HIGH WORKING POC
Android 8.1-11 - Unauthenticated Permission Bypass via NotificationManagerService State Validation
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809
CVSS 7.8
CVE-2021-0519 NOMISEC HIGH WRITEUP
Android - Out-of-bounds Write in BITSTREAM_FLUSH
In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-176533109
CVSS 7.8
CVE-2021-0520 NOMISEC HIGH WRITEUP
Android 10-11 - Use-After-Free via Race Condition in MemoryFileSystem
In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595
CVSS 7.0
CVE-2021-0522 NOMISEC HIGH WORKING POC
Android -11, Android-9, Android-10 - Use After Free
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139
CVSS 7.5
CVE-2021-0586 NOMISEC HIGH WRITEUP
Android - Tapjacking/Overlay Attack via DevicePickerFragment
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940
CVSS 7.8
CVE-2021-0683 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942
CVSS 7.8
CVE-2021-0954 NOMISEC HIGH WORKING POC
Android - Tapjacking/Overlay Attack in ResolverActivity
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931
CVSS 7.3
CVE-2021-0326 NOMISEC HIGH STUB
Android - Out-of-bounds Write in p2p_copy_client_info
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
CVSS 7.5
CVE-2020-25705 NOMISEC HIGH WRITEUP
Linux Kernel < 5.10.0 - UDP Port Scan via ICMP Packet Source Port Prediction
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
CVSS 7.4
CVE-2020-0241 NOMISEC HIGH WORKING POC
Android - Use-After-Free in NuPlayerStreamListener
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667
CVSS 7.8
CVE-2020-0227 NOMISEC HIGH WORKING POC
Android 8.0-10 - Unauthenticated Permissions Bypass in CompanionDeviceManagerService
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618
CVSS 7.8
CVE-2020-0225 NOMISEC CRITICAL WORKING POC
Android <10 - Remote Code Execution
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
CVSS 9.8
CVE-2020-14381 NOMISEC HIGH WRITEUP
Linux Kernel < 5.6 - Use-After-Free in Futex Implementation
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 7.8
CVE-2020-0183 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via BluetoothManagerService Incomplete Reset
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479
CVSS 7.8
CVE-2020-0160 NOMISEC HIGH WORKING POC
Android 10 - Denial of Service via Missing Bounds Check in SampleTable.cpp
In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364
CVSS 8.8
CVE-2020-0463 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Read in Bluetooth SDP Server
In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531
CVSS 7.5
CVE-2020-0458 NOMISEC HIGH WORKING POC
Android 8.0-10 - Remote Code Execution via Integer Overflow in SPDIFEncoder
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
CVSS 7.8