CVE & Exploit Intelligence Database

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

718 results Clear all

CVE-2017-1000072 9.8 CRITICAL EPSS 0.01

Creolabs Gravity 1.0 - Memory Corruption

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations

CWE-415 Jul 17, 2017

CVE-2017-11139 9.8 CRITICAL EPSS 0.00

Graphicsmagick - Double Free

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

CWE-415 Jul 10, 2017

CVE-2017-10914 8.1 HIGH EPSS 0.01

Xen < 4.8.1 - Race Condition

The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.

CWE-415 Jul 05, 2017

CVE-2017-7521 5.9 MEDIUM EPSS 0.00

OpenVPN <2.4.3, <2.3.17 - DoS

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

CWE-772 Jun 27, 2017

CVE-2017-7373 7.8 HIGH EPSS 0.00

Android < - Memory Corruption

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.

CWE-415 Jun 13, 2017

CVE-2015-1207 6.5 MEDIUM EPSS 0.00

FFMPEG - Memory Corruption

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

CWE-415 Jun 06, 2017

CVE-2015-9007 7.8 HIGH EPSS 0.00

Google Android - Double Free

In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.

CWE-415 Jun 06, 2017

CVE-2017-9287 6.5 MEDIUM EPSS 0.36

OpenLDAP <2.4.44 - Memory Corruption

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

CWE-415 May 29, 2017

CVE-2017-9078 8.8 HIGH EPSS 0.05

Dropbear <2017.75 - RCE

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

CWE-415 May 19, 2017

CVE-2017-8890 7.8 HIGH 3 PoCs Analysis EPSS 0.01

Linux Kernel <4.10.15 - DoS

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

CWE-415 May 10, 2017

CVE-2016-1516 8.8 HIGH EPSS 0.01

OpenCV 3.0.0 - Memory Corruption

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

CWE-415 Apr 10, 2017

CVE-2017-2425 7.8 HIGH EPSS 0.00

Apple <10.12.4 - RCE

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate.

CWE-415 Apr 02, 2017

CVE-2017-7393 8.8 HIGH EPSS 0.02

TigerVNC 1.7.1 - Use After Free

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CWE-415 Apr 01, 2017

CVE-2014-9807 5.5 MEDIUM EPSS 0.00

ImageMagick - DoS

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

CWE-415 Mar 30, 2017

CVE-2017-5506 7.8 HIGH 1 Writeup EPSS 0.00

Imagemagick - Double Free

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

CWE-415 Mar 24, 2017

CVE-2017-5334 9.8 CRITICAL EPSS 0.06

GnuTLS <3.3.26, <3.5.8 - Use After Free

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

CWE-415 Mar 24, 2017

CVE-2015-8894 5.5 MEDIUM EPSS 0.00

Imagemagick - Double Free

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

CWE-415 Mar 15, 2017

CVE-2017-2636 7.0 HIGH 1 PoC Analysis EPSS 0.01

Linux Kernel < 3.2.87 - Race Condition

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

CWE-415 Mar 07, 2017

CVE-2017-5836 7.5 HIGH EPSS 0.00

Libimobiledevice Libplist - Double Free

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

CWE-415 Mar 03, 2017

CVE-2017-6353 5.5 MEDIUM 1 Writeup EPSS 0.00

Linux Kernel < 4.10 - Double Free

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.

CWE-415 Mar 01, 2017