pazhanivel07

24 exploits Active since Jun 2015
CVE-2022-20142 GITLAB HIGH WORKING POC
Android - Local Privilege Escalation
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
CVSS 7.8
CVE-2020-0242 GITLAB HIGH WRITEUP
Android - Use-After-Free in NuPlayerDriver.cpp
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
CVSS 7.8
CVE-2020-0394 GITLAB HIGH WRITEUP
Android - Tapjacking via BluetoothPairingDialog Insecure Default
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639
CVSS 7.8
CVE-2023-35687 NOMISEC HIGH WORKING POC
Android - Use-After-Free in MtpPropertyValue
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-21272 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via URI Permission Grant
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2023-20918 NOMISEC CRITICAL WORKING POC
Android - XML External Entity Injection
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 9.8
CVE-2022-20142 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
CVSS 7.8
CVE-2022-20413 NOMISEC MEDIUM WORKING POC
Android - Local Information Disclosure via Audio Recording Logic Error
In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634
CVSS 5.5
CVE-2022-20007 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Race Condition in RootWindowContainer
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
CVSS 7.0
CVE-2021-0474 NOMISEC CRITICAL STUB
Android -11,8.1,9,10 - Buffer Overflow
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958
CVSS 9.8
CVE-2020-27824 NOMISEC MEDIUM WORKING POC
OpenJPEG < 2.4.0 - Out-of-bounds Read in opj_dwt_calc_explicit_stepsizes
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
CVSS 5.5
CVE-2021-0315 NOMISEC HIGH WORKING POC
Android 8.0-11 - Tapjacking/Overlay Attack via GrantCredentialsPermissionActivity
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.
CVSS 7.3
CVE-2021-0474 NOMISEC CRITICAL STUB
Android -11,8.1,9,10 - Buffer Overflow
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958
CVSS 9.8
CVE-2021-0510 NOMISEC HIGH WRITEUP
Android -<8.1, 9, 10, 11 - Privilege Escalation
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622
CVSS 7.8
CVE-2021-0595 NOMISEC HIGH WORKING POC
Android 8.1-11 - Unauthenticated Work Profile Access via RootWindowContainer Lock Bypass
In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096
CVSS 7.8
CVE-2020-0209 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via AccountManager Permissions Bypass
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842
CVSS 7.8
CVE-2020-0453 NOMISEC MEDIUM WORKING POC
Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
CVSS 5.5
CVE-2020-0394 NOMISEC HIGH WORKING POC
Android - Tapjacking via BluetoothPairingDialog Insecure Default
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639
CVSS 7.8
CVE-2020-0394 NOMISEC HIGH WORKING POC
Android - Tapjacking via BluetoothPairingDialog Insecure Default
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639
CVSS 7.8
CVE-2020-0242 NOMISEC HIGH WORKING POC
Android - Use-After-Free in NuPlayerDriver.cpp
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
CVSS 7.8
CVE-2020-0242 NOMISEC HIGH WORKING POC
Android - Use-After-Free in NuPlayerDriver.cpp
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
CVSS 7.8
CVE-2020-0219 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via SliceDeepLinkSpringBoard Intent Handling
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
CVSS 7.8
CVE-2020-0218 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via Race Condition in SoundTriggerHwService
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905
CVSS 7.0
CVE-2015-1788 NOMISEC WORKING POC
OpenSSL < 0.9.8s, 1.0.0 < 1.0.0e, 1.0.1 < 1.0.1n, 1.0.2 < 1.0.2b - Denial of Service via Malformed ECParameters
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.