tea9

4 exploits Active since Dec 2017
CVE-2020-0096 NOMISEC HIGH WORKING POC
Android 8.0-9 - Local Privilege Escalation via Confused Deputy in ActivityStartController
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109
13 stars
CVSS 7.8
CVE-2017-13156 NOMISEC HIGH WORKING POC
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
12 stars
CVSS 7.8
CVE-2020-0014 NOMISEC MEDIUM WORKING POC
Android 8.0-10 - Unauthenticated Privilege Escalation via TYPE_TOAST Window Injection
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520
7 stars
CVSS 5.5
CVE-2020-0114 NOMISEC HIGH WORKING POC
Android 10 - Local Privilege Escalation via KeyguardSliceProvider PendingIntent
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347
7 stars
CVSS 7.8