C Exploits

3,550 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-5715 EXPLOITDB MEDIUM c
Intel Atom C < 5.1.32 - Information Disclosure
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by Multiple
CVSS 5.6
CVE-2017-5753 EXPLOITDB MEDIUM c
Intel Atom Z < 1.1.7-6941-1 - Information Disclosure
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by Multiple
CVSS 5.6
CVE-2017-10661 EXPLOITDB HIGH c
Linux Kernel < 3.2.92 - Use After Free
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
by anonymous
CVSS 7.0
CVE-2017-13847 EXPLOITDB HIGH c VERIFIED
Apple <11.2, <10.13.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13867 EXPLOITDB HIGH c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13875 EXPLOITDB HIGH c VERIFIED
Apple <10.13.2 - RCE/DoS
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13865 EXPLOITDB MEDIUM c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
by Google Security Research
CVSS 5.5
CVE-2017-13855 EXPLOITDB MEDIUM c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.
by Google Security Research
CVSS 5.5
CVE-2017-13869 EXPLOITDB MEDIUM c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
by Google Security Research
CVSS 5.5
CVE-2017-16994 EXPLOITDB MEDIUM c
Linux Kernel <4.14.2 - Info Disclosure
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
by anonymous
CVSS 5.5
CVE-2017-1000405 EXPLOITDB HIGH c
Linux Kernel <4.14 - Privilege Escalation
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
by anonymous
CVSS 7.0
CVE-2017-16994 EXPLOITDB MEDIUM c
Linux Kernel <4.14.2 - Info Disclosure
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
by anonymous
CVSS 5.5
CVE-2017-17538 EXPLOITDB HIGH c
Mikrotik Router Firmware - Denial of Service
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
by FarazPajohan
CVSS 7.5
CVE-2017-13868 EXPLOITDB MEDIUM c
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
by Brandon Azad
CVSS 5.5
CVE-2017-8824 EXPLOITDB HIGH c VERIFIED
Linux Kernel < 3.2.97 - Use After Free
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
by Mohamed Ghannam
CVSS 7.8
CVE-2017-1000405 EXPLOITDB HIGH c
Linux Kernel <4.14 - Privilege Escalation
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
by Bindecy
CVSS 7.0
EIP-2026-119541 EXPLOITDB c VERIFIED
Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
by XPN
CVE-2017-16994 EXPLOITDB MEDIUM c VERIFIED
Linux Kernel <4.14.2 - Info Disclosure
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
by Google Security Research
CVSS 5.5
CVE-2017-14961 EXPLOITDB HIGH c
Ikarussecurity Anti.virus - Improper Input Validation
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
by Parvez Anwar
CVSS 7.8
CVE-2017-6331 EXPLOITDB HIGH c VERIFIED
Symantec Endpoint Protection <SEP 14 RU1 - Privilege Escalation
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
by hyp3rlinx
CVSS 7.1
CVE-2017-5123 EXPLOITDB HIGH c
Linux Kernel 4.13 through 4.13.7 - Sandbox Escape via waitid
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
by Chris Salls
CVSS 8.8
CVE-2017-16237 EXPLOITDB HIGH c
Vir.IT eXplorer Anti-Virus <8.5.42 - Buffer Overflow
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
by Parvez Anwar
CVSS 7.8
EIP-2026-116366 EXPLOITDB c
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)
by Ivan Ivanovic
CVE-2017-15920 EXPLOITDB HIGH c
Watchdogdevelopment Anti-malware - NULL Pointer Dereference
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
by Parvez Anwar
CVSS 7.5
CVE-2017-15921 EXPLOITDB HIGH c
Watchdogdevelopment Anti-malware - NULL Pointer Dereference
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
by Parvez Anwar
CVSS 7.5
By Source
All 3,550 Exploitdb 50,123 Writeup 46,610 Nomisec 21,121 Metasploit 3,189 Github 2,231 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 259 c++ 245 shell 68 go 41 postscript 25 xml 24