Google Security Research

1,215 exploits Active since May 2013
CVE-2017-7228 EXPLOITDB HIGH text WORKING POC
Xen 4.4.x-4.8.x - Improper Validation of Array Index in XENMEM_exchange
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
CVSS 8.2
CVE-2017-3558 EXPLOITDB HIGH text WORKING POC
Oracle VM VirtualBox <5.0.38-5.1.20 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
CVSS 8.5
CVE-2017-2490 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 7.8
CVE-2017-7047 EXPLOITDB HIGH text WORKING POC
Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS 8.8
CVE-2017-7004 EXPLOITDB HIGH c WORKING POC
Apple <10.3.2, <10.12.5 - Privilege Escalation
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
CVSS 7.0
CVE-2016-7661 EXPLOITDB HIGH text WORKING POC
iPhone OS < 10.2 and macOS < 10.12.2 - Local Privilege Escalation via Power Management Mach Port Name References
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVSS 7.8
CVE-2016-1757 EXPLOITDB HIGH text WORKING POC
Apple iOS <9.3 & OS X <10.11.4 - RCE
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.0
CVE-2018-4241 EXPLOITDB HIGH text WORKING POC
Apple tvOS < 11.4 - Kernel Buffer Overflow in mptcp_usr_connectx
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS 7.8
EIP-2026-103748 EXPLOITDB text WORKING POC
Wireshark - wtap_optionblock_free Use-After-Free
CVE-2015-8739 EXPLOITDB MEDIUM text WORKING POC
Wireshark 2.0.x - Denial of Service via IPMI Dissector Packet Scope Access
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVSS 5.5
EIP-2026-103747 EXPLOITDB text WORKING POC
Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow
EIP-2026-103746 EXPLOITDB text WORKING POC
Wireshark - print_hex_data_buffer / print_packet Use-After-Free
CVE-2015-8728 EXPLOITDB MEDIUM text WORKING POC
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via Mobile Identity Parser
The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
CVSS 5.5
CVE-2015-8735 EXPLOITDB MEDIUM text WORKING POC
Wireshark 2.0.x - Denial of Service via Bluetooth Attribute Dissector Integer Overflow
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
CVSS 5.5
EIP-2026-103745 EXPLOITDB text WORKING POC
Wireshark - iseries_parse_packet Heap Buffer Overflow
EIP-2026-103744 EXPLOITDB text WORKING POC
Wireshark - hiqnet_display_data Static Out-of-Bounds Read
EIP-2026-103743 EXPLOITDB text WORKING POC
Wireshark - getRate Stack Out-of-Bounds Read
CVE-2015-8726 EXPLOITDB MEDIUM text WORKING POC
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via VeriWave File Parser
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS 5.5
CVE-2015-8736 EXPLOITDB MEDIUM text WORKING POC
Wireshark 2.0.x - Denial of Service via MP2T File Parser Stack-Based Buffer Overflow
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
CVSS 5.5
EIP-2026-103742 EXPLOITDB text WRITEUP
Wireshark - ett_zbee_zcl_pwr_prof_enphases Static Out-of-Bounds Read
EIP-2026-103741 EXPLOITDB text WRITEUP
Wireshark - erf_meta_read_tag SIGSEGV
CVE-2015-8732 EXPLOITDB MEDIUM text WORKING POC
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via ZigBee ZCL Dissector
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS 5.5
EIP-2026-103740 EXPLOITDB text WORKING POC
Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow
EIP-2026-103739 EXPLOITDB text WORKING POC
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read
EIP-2026-103738 EXPLOITDB text WRITEUP
Wireshark - dissect_oml_attrs Static Out-of-Bounds Read