CVE-2020-0096

Android Security Evolution Significant security enchancements of recent major Android versions, starting with Android 50 Lollipop (API 21) Android 50 (API 21) - Lollipop Security Enhancements in Android 50 Starting August 2023, Google Play Services updates will only be received from this Android version see android-developersgoogleblogcom/2023/07/google-play-serv

StrandHogg2 Poc for StrandHogg2 (CVE-2020-0096) Information of the original vulnerability Current Description In startActivities of ActivityStartControllerjava, there is a possible escalation of privilege due to a confused deputy This could lead to local escalation of privilege with no additional execution privileges needed User interaction is not needed for exploitation

StrandHoggAttacks This repository contains the PoC source codes for both StrandHogg attack versions Please use the software for educational purposes only StrandHogg v1 attack: "Towards Discovering and Understanding Task Hijacking in Android" - Chuangang Ren, The Pennsylvania State University; Yulong Zhang, Hui Xue, and Tao Wei, FireEye, Inc; Peng Liu, The Pennsylva

PoC of StrandHogg2 (CVE-2020-0096)

StrandHogg2 Poc for StrandHogg2 (CVE-2020-0096) Information of the original vulnerability Current Description In startActivities of ActivityStartControllerjava, there is a possible escalation of privilege due to a confused deputy This could lead to local escalation of privilege with no additional execution privileges needed User interaction is not needed for exploitation

2020年发布到阿尔法实验室微信公众号的所有安全资讯汇总

欢迎关注阿尔法实验室微信公众号 20201231 [漏洞] 2020年增加的10个最严重的CVE blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ Chromium RawClipboardHostImpl中的UAF漏洞 bugschromiumorg/p/chromium/issues/detail?id=1101509 [工具] Sarenka：OSINT工具，将来自shodan、censys等服务的数据集中在一处�

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr