Google Security Research

1,215 exploits Active since May 2013
CVE-2019-9813 EXPLOITDB HIGH text WRITEUP
Firefox < 66.0.1 - Memory Corruption
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVSS 8.8
EIP-2026-103652 EXPLOITDB c WORKING POC
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
CVE-2018-5159 EXPLOITDB CRITICAL html WORKING POC
Skia - Buffer Overflow
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVSS 9.8
EIP-2026-103651 EXPLOITDB text WORKING POC
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
CVE-2018-6126 EXPLOITDB HIGH text WORKING POC
Google Chrome <67.0.3396.62 - Memory Corruption
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVSS 8.8
EIP-2026-103644 EXPLOITDB text WORKING POC
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
CVE-2015-3214 EXPLOITDB text WORKING POC
Linux kernel <2.6.33 & QEMU <2.3.1 - Use After Free
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
EIP-2026-103627 EXPLOITDB text WRITEUP
pdfium IsFlagSet (v8 memory management) - SIGSEGV
EIP-2026-103626 EXPLOITDB text WRITEUP
Pdfium - Pattern Shading Integer Overflows
EIP-2026-103625 EXPLOITDB text WORKING POC
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
EIP-2026-103624 EXPLOITDB text WRITEUP
pdfium - opj_t2_read_packet_header 'libopenjpeg' Heap Use-After-Free
EIP-2026-103623 EXPLOITDB text WRITEUP
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
EIP-2026-103622 EXPLOITDB text WRITEUP
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
CVE-2015-6787 EXPLOITDB text WORKING POC
Google Chrome < 46.0.2490.86 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-6787 EXPLOITDB text WORKING POC
Google Chrome < 46.0.2490.86 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-6787 EXPLOITDB text WORKING POC
Google Chrome < 46.0.2490.86 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2017-3561 EXPLOITDB HIGH text WORKING POC
Oracle VM VirtualBox <5.0.38-5.1.20 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2017-3575 EXPLOITDB HIGH text WORKING POC
Oracle VM VirtualBox <5.0.38-5.1.20 - Privilege Escalation
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
CVSS 7.9
CVE-2017-3587 EXPLOITDB HIGH c++ WORKING POC
Oracle VM VirtualBox <5.0.38 & <5.1.20 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
CVSS 8.4
CVE-2019-2697 EXPLOITDB HIGH text WORKING POC
Oracle JDK 7u211 and 8u202 - Unauthenticated Remote Code Execution via Multiple Protocols
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 8.1
CVE-2019-2698 EXPLOITDB HIGH text WRITEUP
Oracle JDK 7u211 and 8u202 - Unauthenticated Remote Code Execution via 2D Subcomponent
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 8.1
CVE-2015-5116 EXPLOITDB text WORKING POC
Adobe Flash Player < 13.0.0.289 and 14.x-18.x < 18.0.0.203 - Same Origin Policy Bypass
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.
CVE-2015-1158 EXPLOITDB text WRITEUP
CUPS < 2.0.3 - Remote Code Execution via IPP Job Request
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
CVE-2016-0998 EXPLOITDB HIGH text WRITEUP
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
CVSS 8.8
CVE-2018-4435 EXPLOITDB HIGH text WORKING POC
iPhone OS < 12.1.1, macOS < 10.14.2, tvOS < 12.1.1, watchOS < 5.1.2 - Logic Issue
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVSS 7.8