Exploitdb Exploits
3,138 exploits tracked across all sources.
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Phil Oester
CVSS 7.0
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
by Tomislav Paskalev
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Robin Verton
CVSS 7.0
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Phil Oester
CVSS 7.0
Microsoft Windows - Local Privilege Escalation via AFD.sys Input Validation
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by Tomislav Paskalev
Linux kernel <4.6.5 - Privilege Escalation
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.
by Vitaly Nikolenko
CVSS 7.8
Linux SELinux - W+X Protection Bypass via AIO
by Google Security Research
Linux Kernel < 4.7.4 - Use-After-Free in tcp_check_send_head
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
by Marco Grassi
CVSS 5.5
AppArmor securityfs < 4.8 - 'aa_fs_seq_hash_show' Reference Count Leak
by Google Security Research
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by akat1
CVSS 7.8
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
by Vitaly Nikolenko
Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation
by halfdog
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation
by vnik
Apple tvOS < 9.2.1 - Use-After-Free in IOAccelContext2::clientMemoryForType
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
by Google Security Research
CVSS 7.8
Apple tvOS < 9.2.1 - Out-of-bounds Read via IOHIDDevice::handleReportWithTime
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
by Google Security Research
CVSS 7.8
NVIDIA Graphics Drivers <10.11.5 - RCE/DoS
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution or Denial of Service via Crafted App
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution via AppleGraphicsControlClient::checkArguments
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple OS X < 10.11.5 - Remote Code Execution or Denial of Service via AppleGraphicsDeviceControlClient
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple iOS <9.3.2-OS X <10.11.5-tvOS <9.2.1-watchOS <2.2.1 - RCE/DoS
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution in NVIDIA Graphics Drivers
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
by Google Security Research
CVSS 7.8
Apple <9.3.2, <10.11.5, <9.2.1, <2.2.1 - Info Disclosure
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
by Google Security Research
CVSS 5.1
FreeBSD <10.1p34, <10.2p17, <10.3p3 - DoS
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
by CTurt
CVSS 7.8
By Source