CVE

Links

• Submit a CVE Request
• awesome cve poc
• The Reports of CVE's Death Have Been Greatly Exaggerated

List

• CVE-2023-3269: StackRot
• CVE-2022-29867 Remote kernel heap overflow on PS4
• CVE-2022-23088 exploiting a heap overflow in the freebsd wi-fi stack
• CVE-2022-22057 a use-after-free in the Qualcomm gpu kernel driver
• CVE-2022-21449: Psychic Signatures in Java
• CVE-2022-2585 A race condition in the way CLOCK_THREAD_CPUTIME_ID works
• CVE-2022-1015-1016 two vulnerabilties found in the nf_tables component of the netfilter subsystem in the Linux kernel.
• CVE-2022-0847 dirty pipe
• CVE-2021-33909 Sequoia: A deep root in Linux's filesystem layer
• CVE-2021-31440: AN INCORRECT BOUNDS CALCULATION IN THE LINUX KERNEL EBPF VERIFIER
• CVE-2021-30465: runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
• CVE-2021-26708 Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel
• CVE-2021-23017: nginx DNS Resolver Off-by-One Heap Write Vulnerability
• CVE-2021-22555 Turning \x00\x00 into 10000$
• CVE-2021-21225 a vulnerability in V8's Array.prototype.concat implementation
  • part 2 with the exploit
• CVE-2021-21017 Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC
• CVE-2021-4034 PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec
• CVE-2021-3156 sudo heap based overflow
• Exim's Multiple vulnerabilities:
  • CVE-2020-28007: Link attack in Exim's log directory
  • CVE-2020-28008: Assorted attacks in Exim's spool directory
  • CVE-2020-28014: Arbitrary file creation and clobbering
  • CVE-2021-27216: Arbitrary file deletion
  • CVE-2020-28011: Heap buffer overflow in queue_run()
  • CVE-2020-28010: Heap out-of-bounds write in main()
  • CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
  • CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
  • CVE-2020-28015: New-line injection into spool header file (local)
  • CVE-2020-28012: Missing close-on-exec flag for privileged pipe
  • CVE-2020-28009: Integer overflow in get_stdinput()
  • CVE-2020-28017: Integer overflow in receive_add_recipient()
  • CVE-2020-28020: Integer overflow in receive_msg()
  • CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
  • CVE-2020-28021: New-line injection into spool header file (remote)
  • CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
  • CVE-2020-28026: Line truncation and injection in spool_read_header()
  • CVE-2020-28019: Failure to reset function pointer after BDAT error
  • CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
  • CVE-2020-28018: Use-after-free in tls-openssl.c
  • CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
• CVE-2020-13629 Espressif ESP32: Bypassing Encrypted Secure Boot
• CVE-2020-11060 An arbitrary path and a hashed path disclosure can be abused to execute code on a GLPI host, by creating a PHP/GZIP polyglot file.
• CVE-2020-10713 Grubbing Secure Boot the Wrong Way: OOB in the GRUB parser
• CVE-2020-8835
• CVE-2020-0423: Exploiting a Single Instruction Race Condition in Binder
• CVE-2019-18683: Linux kernel UAF caused by a race condition in the V4L subsystem.
• CVE-2019-18634: first writeup, second writeup In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process.
• CVE-2019-11484
• CVE-2019-11707 Exploit code for a vulnerability in Firefox, found by saelo and coinbase security
• CVE-2019-11932 How a double-free bug in WhatsApp turns to RCE
• CVE-2019-14378 Qemu escape
• CVE-2019-13272 Linux 4.10 < 5.1.17 PTRACE_TRACEME local root PoC
• CVE-2019-2215
  • Android's /dev/binder UAF
  • Bad Binder: Android In-The-Wild Exploit
• CVE-2019-2107 Android stagefright-like HW vulnerability
• CVE-2019–0708 A Debugging Primer with CVE-2019–0708
• CVE-2019–0708 BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)
• CVE-2019-0752 RCE WITHOUT NATIVE CODE: EXPLOITATION OF A WRITE-WHAT-WHERE IN INTERNET EXPLORER
• CVE-2019-0211 Apache Root Privilege Escalation
• CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation
• CVE-2018-8120 RCE in Acrobat reader
• CVE-1028-7445 Finding and exploiting CVE-2018–7445 (unauthenticated RCE in MikroTik’s RouterOS SMB)
• CVE-2017-11176: A step-by-step Linux Kernel exploitation
  • part 1/4
  • part 2/4
  • part 3/4
  • part 4/4
• CVE-2017-0781 BlueBorne RCE on Android 6.0.1
• CVE-2016-6187 Exploiting Linux kernel heap off-by-one
• CVE-2016-5195 also known as Dirty Cow, another writeup
• CVE-2016-3714 ImageMagick RCE
• CVE-2016-3132 Double Free in Standard PHP Library Double Link List
• CVE-2016-2384 Exploiting a double-free in the USB-MIDI Linux kernel driver
• CVE-2016-0728
• CVE-2015-3864 stagefright
• Analysis of PHP's CVE-2016-6289 and CVE-2016-6297
• CVE-2016-5696 Off-Path TCP Exploits
• Slides for CVE-2016-5340, CVE-2016-2504, CVE-2016-2503 and CVE-2016-2059
• CVE-2016-8655 Linux af_packet.c race condition
• vmnc decoder
• CVE-2015-6565
• Android kernel CVE POCs
• CVE-2017-6074
• repo with POC
• Unix privilege escalation exploits pack
• CVE-2016-7201 IE Edge
• CVE-2017-1000366 Stack clash
• Solving a post exploitation issue with CVE-2017-7308
• CVE-2017-2636 race condition in the n_hdlc Linux kernel driver bypassing SMEP
• CVE-2018-6789: Exim Off-by-one RCE
  • writeup
  • writeup

Writeup

• How we broke PHP, hacked Pornhub and earned 20.000$
• Explaining Dirty COW local root exploit - CVE-2016-5195 Video
• PS4 kernel exploit write-up for 4.05