Google Security Research

1,215 exploits Active since May 2013
CVE-2019-8048 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 15.006.30499, 15.008.20082-19.012.20036 - Memory Corruption
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8195 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8043 EXPLOITDB HIGH text WORKING POC
Adobe Acrobat and Reader DC < 19.012.20036 - Out-of-bounds Read
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVSS 7.5
CVE-2019-8196 EXPLOITDB CRITICAL text WRITEUP
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8024 EXPLOITDB CRITICAL text WRITEUP
Adobe Acrobat and Reader DC < 15.006.30499 and 15.008.20082-19.012.20036 - Use-After-Free
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2016-1011 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player < 18.0.0.343, 19.x-21.x < 21.0.0.213, < 11.2.202.616 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
CVSS 8.8
CVE-2019-8050 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 19.012.20036 - Out-of-bounds Write
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2016-1794 EXPLOITDB HIGH c WORKING POC
macOS < 10.11.5 - Remote Code Execution via AppleGraphicsControlClient::checkArguments
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1821 EXPLOITDB HIGH c WORKING POC
macOS < 10.11.5 - Remote Code Execution or Denial of Service via Crafted App
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1793 EXPLOITDB HIGH c WORKING POC
Apple OS X < 10.11.5 - Remote Code Execution or Denial of Service via AppleGraphicsDeviceControlClient
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1803 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1813 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.3.2-OS X <10.11.5-tvOS <9.2.1-watchOS <2.2.1 - RCE/DoS
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVSS 7.8
CVE-2016-1846 EXPLOITDB HIGH c WORKING POC
NVIDIA Graphics Drivers <10.11.5 - RCE/DoS
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7078 EXPLOITDB c WORKING POC
macOS < 10.11.2 - Use-After-Free in Hypervisor via VM Objects
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
CVE-2015-7047 EXPLOITDB c WORKING POC
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2016-1861 EXPLOITDB HIGH c WORKING POC
macOS < 10.11.5 - Remote Code Execution in NVIDIA Graphics Drivers
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
CVSS 7.8
CVE-2016-1823 EXPLOITDB HIGH c WORKING POC
Apple tvOS < 9.2.1 - Out-of-bounds Read via IOHIDDevice::handleReportWithTime
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
CVSS 7.8
CVE-2016-1755 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.3 - Privilege Escalation
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
CVSS 7.8
CVE-2016-1749 EXPLOITDB HIGH c WORKING POC
Apple OS X < 10.11.4 - Memory Corruption in IOUSBFamily
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
EIP-2026-104554 EXPLOITDB c WORKING POC
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
CVE-2015-7068 EXPLOITDB HIGH c WORKING POC
Apple iOS <9.2, macOS <10.11.2, tvOS <9.1, watchOS <2.1 - Denial of Service via IOKit SCSI Userclient Type
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
CVSS 7.8
CVE-2016-1720 EXPLOITDB HIGH c WORKING POC
IOKit <9.2.1-10.11.3-9.1.1 - Privilege Escalation/DoS
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 7.8
CVE-2015-7047 EXPLOITDB c WORKING POC
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.