Google Security Research

1,215 exploits Active since May 2013
CVE-2017-3078 EXPLOITDB CRITICAL text WORKING POC
Adobe Flash Player <= 25.0.0.171 - Memory Corruption in ATF Module
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
CVSS 9.8
CVE-2016-4138 EXPLOITDB CRITICAL text WORKING POC
Adobe Flash Player <=21.0.0.242 - Fourth Exploit-Referenced Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVSS 9.8
CVE-2016-4108 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <=21.0.0.213 addProperty - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVSS 7.5
CVE-2015-5134 EXPLOITDB text WORKING POC
Adobe Flash Player < 11.2.202.491 and < 18.0.0.232 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
CVE-2015-7645 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <18.0.0.252-19.0.0.207 & 11.2.202.535 - RCE
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVSS 7.8
CVE-2019-8663 EXPLOITDB MEDIUM text WORKING POC
iPhone OS < 12.4 and macOS < 10.14.6 - Memory Leak
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
CVSS 5.3
EIP-2026-103578 EXPLOITDB javascript WORKING POC
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
CVE-2019-11707 EXPLOITDB HIGH text WORKING POC
Firefox < 60.7.1, < 67.0.3 and Thunderbird < 60.7.2 - Type Confusion via Array.pop
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CVSS 8.8
CVE-2017-5447 EXPLOITDB CRITICAL html WORKING POC
Debian Linux < 45.9.0 - Use After Free
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVSS 9.1
CVE-2017-5465 EXPLOITDB CRITICAL html WORKING POC
Debian Linux < 45.9.0 - Out-of-Bounds Read
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVSS 9.1
CVE-2017-5404 EXPLOITDB CRITICAL html WORKING POC
Debian Linux < 45.8.0 - Use After Free
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
CVSS 9.8
CVE-2016-0170 EXPLOITDB HIGH text WORKING POC
Microsoft Windows - Remote Code Execution via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
CVSS 8.8
EIP-2026-103541 EXPLOITDB text WORKING POC
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
EIP-2026-103540 EXPLOITDB text WORKING POC
macOS/iOS - JavaScript Injection Bug in OfficeImporter
CVE-2019-6205 EXPLOITDB HIGH c WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Out-of-bounds Write
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVSS 7.8
CVE-2019-6214 EXPLOITDB HIGH c WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Sandbox Escape via Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
CVSS 8.6
CVE-2019-6213 EXPLOITDB HIGH c WORKING POC
iPhone OS < 12.1.3 - Remote Code Execution via Buffer Overflow
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
CVSS 7.8
CVE-2019-6218 EXPLOITDB HIGH c WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2 - Out-of-bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS 7.8
CVE-2019-8662 EXPLOITDB CRITICAL text WRITEUP
iPhone OS < 12.4 - Use-After-Free via Untrusted NSDictionary Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
CVSS 9.8
CVE-2019-8671 EXPLOITDB HIGH text WORKING POC
iCloud < 7.13 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8672 EXPLOITDB HIGH text WORKING POC
iCloud < 7.13 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8820 EXPLOITDB HIGH text WORKING POC
iCloud < 7.15 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-8765 EXPLOITDB HIGH text WORKING POC
watchOS < 6.1 - Remote Code Execution via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS 8.8
CVE-2019-6209 EXPLOITDB MEDIUM c WORKING POC
iPhone OS < 12.1.3, macOS < 10.14.3, tvOS < 12.1.2, watchOS < 5.1.3 - Out-of-bounds Read
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
CVSS 5.5
CVE-2020-3837 EXPLOITDB HIGH text WRITEUP
iPadOS < 13.3.1 - Out-of-bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVSS 7.8