• Close
  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.

    Displaying vulnerability details 1 - 10 of 76403 in total

    FreeBSD: Several vulnerabilities found in Teamspeak3-server Vulnerability

    • Severity: 4
    • Published: August 11, 2016

    Hanz Jenson audit report: I found 10 vulnerabilities. Some of these are critical and allow remote code execution. For the average user, that means that these vulnerabilities can be exploited by a malicious attacker in order to take over any Teamspeak server, not only becoming serveradmin, but getting a shell on the aff...

    MS16-102: Security Update for Microsoft Windows PDF Library (3182248) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user righ...

    MS16-096: Cumulative Security Update for Microsoft Edge (3177358) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights...

    MS16-101: Security Update for Windows Authentication Methods (3178465) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An elevation of privilege vulnerability exists when Windows Netlogon improperly establishes a secure communications channel to a domain controller. An attacker who successfully exploited the vulnerability could run a specially crafted application on a domain-joined system. To exploit the vulnerability, an attacker would require access to...

    MS16-103: Security Update for ActiveSyncProvider (3182332) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An information disclosure vulnerability exists when Universal Outlook fails to establish a secure connection. An attacker could use this vulnerability to obtain the username and password of a user. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords.

    MS16-099: Security Update for Microsoft Office (3177451) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could create a specially crafted OneNote file and convince a victim to o...

    MS16-100: Security Update for Secure Boot (3179577) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the atta...