Nomisec Exploits

22,778 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-4543 NOMISEC MEDIUM
Linux Kernel - KASLR Base Leak via EntryBleed TLB Prefetch Side-Channel
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
by sunichi
3 stars
CVSS 5.5
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by ESSAFAR
CVSS 9.8
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by felixslama
CVSS 10.0
CVE-2020-0022 NOMISEC HIGH
Android 8.0-10 - Remote Code Execution via Bluetooth Packet Fragment Reassembly
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
by themmokhtar
19 stars
CVSS 8.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by Iris288
CVSS 7.5
CVE-2023-4357 NOMISEC HIGH
Google Chrome <116.0.5845.96 - Auth Bypass
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
by passwa11
CVSS 8.8
CVE-2023-40600 NOMISEC MEDIUM
EWWW Image Optimizer <7.2.0 - Info Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
by RandomRobbieBF
CVSS 5.3
CVE-2017-7921 NOMISEC CRITICAL
Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530 - Improper Authentication
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
by b3pwn3d
CVSS 9.8
CVE-2023-48034 NOMISEC MEDIUM
Acer SK-9662 Firmware - Inadequate Encryption Strength
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
by aprkr
1 stars
CVSS 6.1
CVE-2023-1177 NOMISEC CRITICAL
MLflow < 2.2.1 - Path Traversal via Backslash Sequence
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
by SpycioKon
CVSS 9.3
CVE-2023-4966 NOMISEC CRITICAL
Citrix NetScaler ADC/Gateway 12.1-55.300/13.0-92.19 Info Disclosure
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
by s-bt
CVSS 9.4
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by byrek
CVSS 8.1
CVE-2021-41773 NOMISEC CRITICAL
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by Iris288
1 stars
CVSS 9.8
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by minhangxiaohui
1 stars
CVSS 10.0
CVE-2023-49003 NOMISEC MEDIUM
Simple Mobile Tools Simple Dialer <5.18.1 - Auth Bypass
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
by actuator
1 stars
CVSS 5.3
CVE-2019-0567 NOMISEC HIGH
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
by NatteeSetobol
CVSS 7.5
CVE-2022-44877 NOMISEC CRITICAL
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
by rhymsc
CVSS 9.8
CVE-2022-20338 NOMISEC LOW
Android 11-12L - Local Privilege Escalation via HierarchicalUri.readFrom Input Validation
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
by Trinadh465
1 stars
CVSS 3.3
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by NKeshawarz
2 stars
CVSS 10.0
CVE-2023-21109 NOMISEC HIGH
Android 11-13 - Local Privilege Escalation via AccessibilityService Logic Error
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
by Trinadh465
CVSS 7.8
CVE-2023-21109 NOMISEC HIGH
Android 11-13 - Local Privilege Escalation via AccessibilityService Logic Error
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
by Trinadh465
CVSS 7.8
CVE-2022-20338 NOMISEC LOW
Android 11-12L - Local Privilege Escalation via HierarchicalUri.readFrom Input Validation
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
by Trinadh465
CVSS 3.3
CVE-2023-2982 NOMISEC CRITICAL
WordPress Social Login and Register <= 7.6.4 - Authentication Bypass via Insufficient Encryption
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
by wshinkle
CVSS 9.8
CVE-2023-32571 NOMISEC CRITICAL
System.Linq.Dynamic.Core 1.0.7.10-1.2.25 - Remote Code Execution via Untrusted Input Parsing
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
by vert16x
CVSS 9.8
CVE-2023-31320 NOMISEC HIGH
AMD Radeon Software - Denial of Service via Improper Input Validation
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
by whypet
6 stars
CVSS 7.5