Google Security Research

1,215 exploits. Active since May 2013.
CVE-2018-18557 EXPLOITDB HIGH c WORKING POC
Libtiff - Out-of-Bounds Write
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
CVSS 8.8
EIP-2026-102631 EXPLOITDB text WORKING POC
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
CVE-2018-12904 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.17.2 - Denial of Service
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
CVSS 4.9
EIP-2026-102617 EXPLOITDB text WORKING POC
Google Chrome - GPU Process MailboxManagerImpl Double-Read
EIP-2026-102615 EXPLOITDB text WRITEUP
gnutls 3.6.6 - 'verify_crt()' Use-After-Free
CVE-2015-7547 EXPLOITDB HIGH text WORKING POC
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVSS 8.1
CVE-2018-10906 EXPLOITDB MEDIUM c WORKING POC
Debian Linux < 2.9.8 - Improper Authorization
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
CVSS 5.3
EIP-2026-102595 EXPLOITDB text WORKING POC
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
EIP-2026-102594 EXPLOITDB text WRITEUP
Foxit PDF Reader 1.0.1.0925 - kdu_core::kdu_codestream::get_subsampling Memory Corruption
EIP-2026-102593 EXPLOITDB text WRITEUP
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption
EIP-2026-102592 EXPLOITDB text WRITEUP
Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read
EIP-2026-102591 EXPLOITDB text WRITEUP
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
EIP-2026-102590 EXPLOITDB text WRITEUP
Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption
CVE-2015-3042 EXPLOITDB text WRITEUP
Adobe Flash Player <14.x - Memory Corruption
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.
EIP-2026-102558 EXPLOITDB c WORKING POC
AppArmor securityfs < 4.8 - 'aa_fs_seq_hash_show' Reference Count Leak
CVE-2015-5548 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
CVE-2015-5544 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
CVE-2015-5547 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
CVE-2018-12827 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS 7.5
CVE-2015-5545 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
EIP-2026-102803 EXPLOITDB text WRITEUP
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
CVE-2017-15595 EXPLOITDB HIGH text WORKING POC
Xen < 4.9.0 - Denial of Service
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVSS 8.8
CVE-2017-2521 EXPLOITDB HIGH javascript WORKING POC
Apple iPhone OS < 10.3.2 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
EIP-2026-102755 EXPLOITDB python WORKING POC
usrsctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
CVE-2019-15794 EXPLOITDB HIGH text WORKING POC
Linux kernel - Use After Free
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
CVSS 7.1