Nomisec Exploits

22,699 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-39593 NOMISEC MEDIUM
MariaDB - Authenticated Command Injection via sys_exec Function
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
by Ant1sec-ops
2 stars
CVSS 5.6
CVE-2023-26785 NOMISEC CRITICAL
MariaDB 10.5 - Remote Code Execution via UDF Shared Object File
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
by Ant1sec-ops
3 stars
CVSS 9.8
CVE-2024-48644 NOMISEC MEDIUM
Reolink Duo 2 WiFi Camera v3.0.0.1889_23031701 - Info Disclosure
Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames.
by rosembergpro
CVSS 5.3
CVE-2023-6241 NOMISEC HIGH
Arm Ltd GPU Kernel - Use After Free
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.
by SmileTabLabo
14 stars
CVSS 7.0
CVE-2024-9234 NOMISEC CRITICAL
GutenKit < 2.1.0 - Unauthenticated Arbitrary File Upload via install-active-plugin Endpoint
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
by RandomRobbieBF
2 stars
CVSS 9.8
CVE-2024-47176 NOMISEC MEDIUM
OpenPrinting cups-browsed - Attacker-Controlled IPP Request Server-Side Request Forgery
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
by gianlu111
1 stars
CVSS 5.3
CVE-2022-35914 NOMISEC CRITICAL
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
by senderend
3 stars
CVSS 9.8
CVE-2024-9680 NOMISEC CRITICAL
Firefox < 131.0.2 and ESR < 128.3.1 and ESR < 115.16.1 - Use-After-Free in Animation Timelines
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
by tdonaworth
11 stars
CVSS 9.8
CVE-2022-20409 NOMISEC MEDIUM
Android - Use-After-Free in io_uring io_identity_cow
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel
by Markakd
201 stars
CVSS 6.7
CVE-2023-46371 NOMISEC CRITICAL
TP-Link TL-WDR7660 <2.0.30 & TL-WR886N <2.0.12 - Buffer Overflow
TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.
by Jianchun-Ding
CVSS 9.8
CVE-2018-15473 NOMISEC MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by NestyF
CVSS 5.3
CVE-2023-38408 NOMISEC CRITICAL
OpenSSH < 9.3p2 - Remote Code Execution via PKCS#11 Untrusted Search Path
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
by fazilbaig1
CVSS 9.8
CVE-2024-40662 NOMISEC HIGH
Android - Local Privilege Escalation via Malformed Uri Object
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by bb33bb
CVSS 7.8
CVE-2023-6350 NOMISEC HIGH
Google Chrome <119.0.6045.199 - Use After Free
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
by dywsy21
CVSS 8.8
CVE-2024-40676 NOMISEC HIGH
Android - Local Privilege Escalation via Confused Deputy in AccountManagerService
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by CrackerCat
1 stars
CVSS 7.7
CVE-2023-6319 NOMISEC CRITICAL
webOS <5.30.40, <6.3.3-442 - Command Injection
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA  * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA  * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB  * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA
by illixion
50 stars
CVSS 9.1
CVE-2024-30090 NOMISEC HIGH
Microsoft Streaming Service - Privilege Escalation
Microsoft Streaming Service Elevation of Privilege Vulnerability
by Dor00tkit
108 stars
CVSS 7.0
CVE-2024-6778 NOMISEC HIGH
Google Chrome <126.0.6478.182 - RCE
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
by ading2210
97 stars
CVSS 7.5
CVE-2021-31166 NOMISEC CRITICAL
Windows IIS HTTP Protocol Stack DOS
HTTP Protocol Stack Remote Code Execution Vulnerability
by corelight
13 stars
CVSS 9.8
CVE-2024-40711 NOMISEC CRITICAL
Veeam Backup & Replication 12.0.0.1420 through 12.2.0.334 - Deserialization RCE
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
by realstatus
42 stars
CVSS 9.8
CVE-2024-40431 NOMISEC HIGH
Realtek <10.0.26100.21374 - Memory Corruption
A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.
by SpiralBL0CK
45 stars
CVSS 8.8
CVE-2022-25479 NOMISEC MEDIUM
Realtek RtsPer/RtsUer Kernel Memory Leak via PCIe/USB Drivers
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
by SpiralBL0CK
45 stars
CVSS 5.5
CVE-2021-40539 NOMISEC CRITICAL
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
by Bu0uCat
2 stars
CVSS 9.8
CVE-2013-5211 NOMISEC
NTP Monitor List Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
by requiempentest
CVE-2013-5211 NOMISEC
NTP Monitor List Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
by requiempentest