Google Security Research

1,215 exploits, active since May 2013
EIP-2026-102846 EXPLOITDB text WRITEUP
Ghostscript - Multiple Vulnerabilities
EIP-2026-102845 EXPLOITDB text WRITEUP
Ghostscript - Multiple Vulnerabilities
CVE-2018-17961 EXPLOITDB HIGH text WORKING POC
Artifex Ghostscript < 9.25 - Error Information Exposure
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CVSS 8.6
EIP-2026-102837 EXPLOITDB text WORKING POC
FireEye - Malware Input Processor Privilege Escalation
EIP-2026-103038 EXPLOITDB text WORKING POC
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
CVE-2017-4915 EXPLOITDB HIGH c WORKING POC
VMware Workstation Pro/Player - Privilege Escalation
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
CVSS 7.8
CVE-2018-15687 EXPLOITDB HIGH text WORKING POC
Canonical Ubuntu Linux < 240 - Race Condition
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
CVSS 7.0
EIP-2026-103021 EXPLOITDB c WORKING POC
Tor (Linux) - X11 Linux Sandbox Breakout
CVE-2016-9151 EXPLOITDB HIGH text WORKING POC
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
CVSS 7.8
CVE-2016-9151 EXPLOITDB HIGH text WORKING POC
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
CVSS 7.8
CVE-2017-3576 EXPLOITDB HIGH c WORKING POC
Oracle VM VirtualBox <5.0.38-5.1.20 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.0.38 and prior to 5.1.20. Easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
EIP-2026-102641 EXPLOITDB text WRITEUP
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
EIP-2026-102640 EXPLOITDB c WORKING POC
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
EIP-2026-102639 EXPLOITDB c WORKING POC
Linux - Use-After-Free Reads in show_numa_stats()
EIP-2026-102638 EXPLOITDB c WORKING POC
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
CVE-2019-11599 EXPLOITDB HIGH text WORKING POC
Linux kernel <5.0.10 - Info Disclosure
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
CVSS 7.0
EIP-2026-102637 EXPLOITDB c WORKING POC
Linux - Kernel Pointer Leak via BPF
EIP-2026-102636 EXPLOITDB text WORKING POC
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
EIP-2026-102635 EXPLOITDB text WORKING POC
Linux - 'page->_refcount' Overflow via FUSE
CVE-2019-6974 EXPLOITDB HIGH text WORKING POC
Linux kernel <4.20.8 - Use After Free
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVSS 8.1
CVE-2018-13405 EXPLOITDB HIGH c WORKING POC
Linux Kernel < 3.16 - Improper Privilege Management
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVSS 7.8
CVE-2016-1838 EXPLOITDB MEDIUM text WORKING POC
libxml2 <2.9.4 - DoS
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVSS 5.5
EIP-2026-102633 EXPLOITDB text WRITEUP
libxml2 - xmlParseEndTag2 Heap Buffer Overread
CVE-2016-1839 EXPLOITDB MEDIUM text WORKING POC
libxml2 <2.9.4 - DoS
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVSS 5.5
EIP-2026-102632 EXPLOITDB text WRITEUP
libxml2 - htmlCurrentChar Heap Buffer Overread