uthrasri

40 exploits Active since Aug 2014
CVE-2023-21285 NOMISEC MEDIUM STUB
Google Android - Information Disclosure
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
1 stars
CVSS 5.5
CVE-2021-0390 NOMISEC HIGH WRITEUP
Android - Privilege Escalation
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461
1 stars
CVSS 7.8
CVE-2025-26417 NOMISEC MEDIUM STUB
Google Android - Information Disclosure
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 4.0
CVE-2024-8176 NOMISEC HIGH STUB
libexpat - Buffer Overflow
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
CVSS 7.5
CVE-2024-34739 NOMISEC HIGH WRITEUP
Java - Privilege Escalation
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 7.8
CVE-2024-34741 NOMISEC HIGH STUB
Android - Privilege Escalation
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-2193 NOMISEC MEDIUM WORKING POC
CPU <Speculative Execution - Info Disclosure
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVSS 5.7
CVE-2023-5717 NOMISEC HIGH STUB
Linux Kernel < 3.3 - Out-of-Bounds Write
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CVSS 7.8
CVE-2024-23708 NOMISEC HIGH WRITEUP
NotificationManagerService - Privilege Escalation
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-0030 NOMISEC MEDIUM WRITEUP
Google Android - Out-of-Bounds Read
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2024-0040 NOMISEC HIGH STUB
Google Android - Out-of-Bounds Write
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.5
CVE-2023-40167 NOMISEC MEDIUM WRITEUP
Jetty <9.4.52-12.0.1 - Info Disclosure
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
CVSS 5.3
CVE-2023-40109 NOMISEC HIGH WORKING POC
Google Android - Incorrect Privilege Assignment
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 7.8
CVE-2023-40133 NOMISEC MEDIUM WORKING POC
Google Android - Information Disclosure
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 5.5
CVE-2023-28588 NOMISEC HIGH
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
CVSS 7.5
CVE-2023-26049 NOMISEC LOW WRITEUP
Jetty - SSRF
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
CVSS 2.4
CVE-2023-28588 NOMISEC HIGH NO CODE
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
CVSS 7.5
CVE-2023-28588 NOMISEC HIGH NO CODE
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
CVSS 7.5
CVE-2023-28588 NOMISEC HIGH NO CODE
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
CVSS 7.5
CVE-2023-28588 NOMISEC HIGH WORKING POC
Qualcomm Bluetooth Host - Denial of Service via RFC Slot Allocation
Transient DOS in Bluetooth Host while rfc slot allocation.
CVSS 7.5
CVE-2023-33902 NOMISEC MEDIUM NO CODE
Bluetooth Service - Info Disclosure
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS 5.5
CVE-2023-21097 NOMISEC HIGH WORKING POC
Android - Privilege Escalation
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325
CVSS 7.8
CVE-2021-28165 NOMISEC HIGH WRITEUP
Eclipse Jetty < 9.4.39 - Improper Exception Handling
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVSS 7.5
CVE-2021-0392 NOMISEC HIGH WORKING POC
Android - Memory Corruption
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730
CVSS 7.8
CVE-2021-0466 NOMISEC HIGH WRITEUP
Android <10 - Info Disclosure
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734
CVSS 7.5