Exploitdb Exploits
3,149 exploits tracked across all sources.
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
by valen
libslirp 4.0.0 - Buffer Overflow
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
by vishnudevtj
CVSS 8.8
Linux - Use-After-Free Reads in show_numa_stats()
by Google Security Research
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by bcoles
CVSS 7.8
Apache-ssl - Buffer Overflow
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
by Brian Peters
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
by Google Security Research
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by Guy Levin
CVSS 8.8
Huawei eSpace Desktop <V200R003C00 - RCE
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.
by LiquidWorm
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
iOS <12.1.4 - Privilege Escalation
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
by ZecOps
CVSS 7.8
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
by Google Security Research
Canonical snapd <2.37.4 - Privilege Escalation
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
by Google Security Research
CVSS 7.5
Linux Kernel < 4.6 - Information Disclosure
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
by wally0813
CVSS 5.5
AirDrop <2.0 - DoS
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.
by s4vitar
CVSS 7.5
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
by Google Security Research
Apple iPhone OS < 12.1.3 - Out-of-Bounds Write
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
by Google Security Research
CVSS 7.8
Apple iPhone OS < 12.1.3 - Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
by Google Security Research
CVSS 8.6
Apple iPhone OS < 12.1.3 - Memory Corruption
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
Apple iPhone OS < 12.1.3 - Out-of-Bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
iOS <12.1.3 - Memory Corruption
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
by Google Security Research
CVSS 5.5
Apple iPhone OS < 12.1.3 - Out-of-Bounds Read
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
by Google Security Research
CVSS 5.5
Apple iPhone OS < 12.1.3 - Out-of-Bounds Write
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
by Google Security Research
CVSS 7.8