uthrasri

40 exploits Active since Aug 2014
CVE-2021-21401 NOMISEC HIGH STUB
Nanopb <0.3.9.8-0.4.5 - Memory Corruption
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds.
CVSS 7.1
CVE-2020-0201 NOMISEC CRITICAL WORKING POC
Android 10 - Credential Leak via WifiConfigController Confused Deputy
In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143601727
CVSS 9.8
CVE-2019-16746 NOMISEC CRITICAL WORKING POC
Linux kernel <5.2.17 - Buffer Overflow
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVSS 9.8
CVE-2019-17666 NOMISEC HIGH WORKING POC
Linux Kernel < 3.16.77 - Buffer Overflow in rtl_p2p_noa_ie
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVSS 8.8
CVE-2019-25162 NOMISEC HIGH WRITEUP
Linux Kernel 4.3.0-4.14.291 - Use-After-Free in I2C Adapter Structure
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]
CVSS 7.8
CVE-2018-14881 NOMISEC HIGH STUB
tcpdump < 4.9.3 - Out-of-bounds Read in BGP Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVSS 7.5
CVE-2014-3566 NOMISEC LOW WORKING POC
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS 3.4
CVE-2014-3570 NOMISEC WORKING POC
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Cryptographic Protection Bypass via BN_sqr BIGNUM Calculation
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
CVE-2014-5139 NOMISEC WORKING POC
OpenSSL 1.0.1 - Denial of Service via SRP Ciphersuite ServerHello Message
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
CVE-2014-5139 NOMISEC WORKING POC
OpenSSL 1.0.1 - Denial of Service via SRP Ciphersuite ServerHello Message
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
CVE-2014-8275 NOMISEC WORKING POC
OpenSSL < 0.9.8zd 1.0.0 < 1.0.0p 1.0.1 < 1.0.1k - Certificate Blacklist Bypass via Unsigned Certificate Data
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
CVE-2014-8275 NOMISEC WORKING POC
OpenSSL < 0.9.8zd 1.0.0 < 1.0.0p 1.0.1 < 1.0.1k - Certificate Blacklist Bypass via Unsigned Certificate Data
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
CVE-2014-3570 NOMISEC STUB
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Cryptographic Protection Bypass via BN_sqr BIGNUM Calculation
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
CVE-2014-3570 NOMISEC STUB
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Cryptographic Protection Bypass via BN_sqr BIGNUM Calculation
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
CVE-2014-3570 NOMISEC STUB
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Cryptographic Protection Bypass via BN_sqr BIGNUM Calculation
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.