codecat007

166 exploits Active since May 2014
CVE-2016-3866 GITHUB HIGH c WORKING POC
Qualcomm sound driver - Privilege Escalation
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
8 stars
CVSS 7.8
CVE-2016-3901 GITHUB HIGH c WORKING POC
Qualcomm cryptographic engine driver - Privilege Escalation
Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434.
8 stars
CVSS 7.8
CVE-2016-3940 GITHUB HIGH c WORKING POC
Synaptics touchscreen - Privilege Escalation
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991.
8 stars
CVSS 7.8
CVE-2016-5195 GITHUB HIGH c WORKING POC
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
8 stars
CVSS 7.0
CVE-2016-6672 GITHUB HIGH c WORKING POC
Android < 7.0 - Privilege Escalation via Synaptics Touchscreen Driver
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.
8 stars
CVSS 7.8
CVE-2016-6690 GITHUB MEDIUM c WORKING POC
Android < 7.0 - Denial of Service via Sound Driver
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221.
8 stars
CVSS 5.5
CVE-2015-5165 GITHUB c WORKING POC
Xen < 4.5.0 - Uninitialized Memory Exposure via RTL8139 C+ Mode Offload Emulation
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
8 stars
CVE-2015-7504 GITHUB HIGH c WORKING POC
QEMU < 2.4.1 - Heap-Based Buffer Overflow in pcnet_receive
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
8 stars
CVSS 8.8
CVE-2012-6702 GITHUB MEDIUM c WORKING POC
libexpat < 2.2.0 - Hash Collision via srand Function
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
8 stars
CVSS 5.9
CVE-2014-3145 GITHUB c WORKING POC
Linux Kernel < 3.14.3 - Denial of Service via BPF Extension Out-of-bounds Read
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
8 stars
CVE-2014-9803 GITHUB HIGH c WORKING POC
Linux kernel <3.15-rc5-next-20140519 - Privilege Escalation
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
8 stars
CVSS 7.8
CVE-2015-1805 GITHUB c WORKING POC
Google Android < 3.15.10 - Denial of Service
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
8 stars
CVE-2016-0811 GITHUB HIGH c WORKING POC
Android 6.x - Exposure of Sensitive Information via Integer Overflow in BnCrypto::onTransact
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
8 stars
CVSS 7.5
CVE-2016-10229 GITHUB CRITICAL c WORKING POC
Linux Kernel < 4.5 - Remote Code Execution via UDP MSG_PEEK Checksum Calculation
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
8 stars
CVSS 9.8
CVE-2016-2109 GITHUB HIGH c WORKING POC
OpenSSL < 1.0.1s - Denial of Service via ASN.1 BIO Short Invalid Encoding
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
8 stars
CVSS 7.5
CVE-2016-2412 GITHUB HIGH c WORKING POC
Android 4.x < 4.4.4, 5.0.x < 5.0.2, 5.1.x < 5.1.1, 6.x < 2016-04-01 - Privilege Escalation via Skia Crash Mishandling
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
8 stars
CVSS 7.8
CVE-2016-2419 GITHUB CRITICAL c WORKING POC
Android 6.x - Information Disclosure via Uninitialized Key-Request Data Structure
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
8 stars
CVSS 9.8
CVE-2016-2460 GITHUB MEDIUM c WORKING POC
Android < 4.4.4/5.0.2/5.1.1/2016-05-01 - Information Exposure via Uninitialized Data
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
8 stars
CVSS 5.5
CVE-2016-2471 GITHUB HIGH c WORKING POC
Qualcomm Wi-Fi - Privilege Escalation
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913.
8 stars
CVSS 7.8
CVE-2016-2482 GITHUB HIGH c WORKING POC
Android mm-video-v4l2 vdec - Privilege Escalation via Buffer Count Mishandling
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.
8 stars
CVSS 7.8
CVE-2016-3746 GITHUB HIGH c WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-07-01 - Use After Free
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
8 stars
CVSS 7.8
CVE-2016-3747 GITHUB HIGH c WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-07-01 - Privilege Escalation
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
8 stars
CVSS 7.8
CVE-2016-3818 GITHUB MEDIUM c WORKING POC
Android libc - Denial of Service via Crafted File
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
8 stars
CVSS 5.5
CVE-2016-3913 GITHUB HIGH c WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-10-01 - Privilege Escalation
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103.
8 stars
CVSS 7.8
CVE-2016-5862 GITHUB HIGH c WORKING POC
Qualcomm - Device Restart
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.
8 stars
CVSS 7.0