Google Security Research

1,215 exploits Active since May 2013
CVE-2019-2215 EXPLOITDB HIGH text WORKING POC
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVSS 7.8
CVE-2018-9488 EXPLOITDB HIGH text WORKING POC
Android 8.0-9.0 - Incorrect Authorization in SELinux crash_dump.te Permissions
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
CVSS 7.8
EIP-2026-100049 EXPLOITDB text WORKING POC
WhatsApp - RTP Processing Heap Corruption
EIP-2026-100048 EXPLOITDB text WORKING POC
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
CVE-2018-10751 EXPLOITDB MEDIUM text WORKING POC
Samsung Mobile - Memory Corruption via OMACP WbXml String Extension Processing
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
CVSS 5.3
CVE-2015-7898 EXPLOITDB MEDIUM text WORKING POC
Samsung Galaxy S6 - Denial of Service in Samsung Gallery GIF Parser
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS 5.5
CVE-2015-7895 EXPLOITDB MEDIUM text WORKING POC
Samsung Gallery on Samsung Galaxy S6 - Denial of Service via Bitmap Decoding
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS 5.5
EIP-2026-100047 EXPLOITDB text WORKING POC
Samsung Galaxy S6 - libQjpeg je_free Crash
CVE-2015-7896 EXPLOITDB MEDIUM text WORKING POC
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVSS 6.5
CVE-2015-7897 EXPLOITDB text WORKING POC
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
EIP-2026-100046 EXPLOITDB text WORKING POC
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption
CVE-2015-7891 EXPLOITDB HIGH text WORKING POC
Samsung Graphics 2D driver - Memory Corruption
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
CVSS 7.0
EIP-2026-100045 EXPLOITDB java WORKING POC
Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow
EIP-2026-100044 EXPLOITDB java WORKING POC
Samsung Devices KNOX Extensions - OTP Service Heap Overflow
CVE-2017-13236 EXPLOITDB HIGH text WORKING POC
Android 8.0-8.1 - Incorrect Permission Assignment for Critical Resource in KeyStore Service
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
CVSS 7.8
CVE-2015-7889 EXPLOITDB MEDIUM text WORKING POC
Android < 5.1.1 - Information Disclosure via Weak Email Composer Intent Permissions
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
CVSS 5.5
CVE-2015-7894 EXPLOITDB HIGH text WORKING POC
Samsung Galaxy S6 Edge Firmware - Remote Code Execution via Crafted JPG Image
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
CVSS 8.8
CVE-2015-7890 EXPLOITDB MEDIUM text WORKING POC
Exynos Seiren Audio < - Buffer Overflow
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
CVSS 5.5
CVE-2015-7892 EXPLOITDB HIGH text WORKING POC
Samsung m2m1shot_driver - Stack-based Buffer Overflow via ioctl Call
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVSS 7.8
CVE-2019-10529 EXPLOITDB HIGH text WORKING POC
Qualcomm Snapdragon Firmware - Use-After-Free via Race Condition in set_page_dirty()
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
CVSS 8.1
EIP-2026-100043 EXPLOITDB c WORKING POC
Qualcomm Adreno GPU MSM Driver - perfcounter Query Heap Overflow
EIP-2026-100042 EXPLOITDB text WORKING POC
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
EIP-2026-100041 EXPLOITDB text WORKING POC
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
EIP-2026-100040 EXPLOITDB text WRITEUP
LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow
EIP-2026-100039 EXPLOITDB text WORKING POC
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking