Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 87351 in total

F5 Networks: K05121675 (CVE-2016-9244): K05121675: F5 TLS vulnerability CVE-2016-9244 Vulnerability

  • Severity: 4
  • Published: February 08, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From K05121675:

A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory.

Cisco ASA: Clientless SSL VPN CIFS Heap Overflow Vulnerability (cisco-sa-20170208-asa) (CVE-2017-3807) Vulnerability

  • Severity: 4
  • Published: February 08, 2017

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability b...

SUSE: CVE-2017-2583: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: February 06, 2017

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.

Cisco SAN-OS: Cisco Software Encryption Library Information Disclosure Vulnerability (CVE-2011-4667) Vulnerability

  • Severity: 4
  • Published: February 06, 2017

The Cisco Security Intelligence Operations Portal (SIOP) is a free, customer-facing website that is part of Cisco’s Security Services presence and strategy, and resides at cisco.com/security. Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted syste...

Oracle Linux: CVE-2016-9578: ELSA-2017-0253 - spice-server security update Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:0253:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can ...

SUSE: CVE-2016-10050: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-10050:

This CVE is addressed in the SUSE advisories openSUSE-SU-2017:0391-1, openSUSE-SU-2017:0399-1.

SUSE: CVE-2016-10064: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-10064:

This CVE is addressed in the SUSE advisories openSUSE-SU-2017:0391-1.

SUSE: CVE-2016-10048: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-10048:

This CVE is addressed in the SUSE advisories openSUSE-SU-2017:0391-1, openSUSE-SU-2017:0399-1.

Ubuntu: USN-3191-1 (CVE-2016-7589): WebKitGTK+ vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3191-1:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a maliciou...

Oracle Linux: CVE-2016-9577: ELSA-2017-0253 - spice-server security update Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:0253:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can ...