Google Security Research

1,215 exploits Active since May 2013
EIP-2026-100021 EXPLOITDB c WORKING POC
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
EIP-2026-100020 EXPLOITDB python WORKING POC
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download
CVE-2018-9515 EXPLOITDB HIGH text WORKING POC
Android - Memory Corruption in sdcardfs inode Operations
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
CVSS 7.8
CVE-2017-13216 EXPLOITDB HIGH text WORKING POC
Android - Out-of-bounds Write in ashmem_ioctl
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.
CVSS 7.8
CVE-2017-13209 EXPLOITDB HIGH text WORKING POC
Android 8.0-8.1 - Unauthenticated Missing Authorization in ServiceManager::add
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.
CVSS 7.8
CVE-2019-2023 EXPLOITDB HIGH text WORKING POC
Android 8.0-9 - Insecure Permission Assignment in ServiceManager::add
In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-121035042Upstream kernel
CVSS 7.8
CVE-2019-2025 EXPLOITDB HIGH text WORKING POC
Android - Use-After-Free in binder_thread_read
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel
CVSS 7.8
CVE-2019-1999 EXPLOITDB HIGH text WORKING POC
Android - Use-After-Free in Binder Allocator
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
CVSS 7.8
CVE-2019-2000 EXPLOITDB HIGH text WRITEUP
Android - Use-After-Free in binder.c
In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.
CVSS 7.8
EIP-2026-100075 EXPLOITDB text WORKING POC
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read
CVE-2015-7893 EXPLOITDB HIGH python WORKING POC
Samsung Galaxy S6 - Remote Code Execution via HTML Email Content
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
CVSS 8.8
EIP-2026-100067 EXPLOITDB python WORKING POC
Outlook for Android - Attachment Download Directory Traversal
CVE-2016-3861 EXPLOITDB HIGH text WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-09-01 - RCE
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
CVSS 7.8
CVE-2015-3864 EXPLOITDB python WORKING POC
Android < 5.1.1 - Remote Code Execution via Crafted MPEG-4 Data
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
CVE-2016-6707 EXPLOITDB HIGH text WORKING POC
Android 6.x-7.0 - Privilege Escalation via System Server
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
CVSS 7.8