Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 84787 in total

Apache HTTPD: HTTP/2 CONTINUATION denial of service (CVE-2016-8740) Vulnerability

  • Severity: 4
  • Published: December 04, 2016

The HTTP/2 protocol implementation (mod_http2) had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion.

SUSE: CVE-2016-8569: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 02, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-8569:

This CVE is addressed in the SUSE advisories

SUSE: CVE-2016-8568: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 02, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-8568:

This CVE is addressed in the SUSE advisories

F5 Networks: SOL50116122 (CVE-2016-6816): Apache Tomcat vulnerability CVE-2016-6816 Vulnerability

  • Severity: 4
  • Published: November 30, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SOL50116122:

An attacker may be able to perform HTTP request smuggling by sending an invalid character in HTTP requests. For more information about HTTP r...

Ubuntu: USN-3148-1 (CVE-2016-7976): Ghostscript vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 30, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3148-1:

Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated syste...