  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.

    Displaying vulnerability details 1 - 10 of 73927 in total

    Apache HTTPD: mod_http2: denial of service by thread starvation (CVE-2016-1546) Vulnerability

    • Severity: 4
    • Published: May 15, 2016

    The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_http2. Review your web server configuration for validation. By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could...

    Debian: DSA-3577 (CVE-2016-4425): jansson -- security update Vulnerability

    • Severity: 4
    • Published: May 13, 2016

    Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

    From DSA-3577:

    Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion de...

    Oracle Linux: CVE-2016-0758: ELSA-2016-1033 - kernel security and bug fix update Vulnerability

    • Severity: 4
    • Published: May 11, 2016

    Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

    From ELSA-2016-1033:

    - [3.10.0-327.18.2.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.18.2] - [lib] keys: Fix ASN.1 indefinite length object ...

    RHSA-2016:1033: kernel security and bug fix update Vulnerability

    • Severity: 4
    • Published: May 11, 2016

    The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue. Bug Fix(es):

    RHSA-2016:1051: kernel-rt security, bug fix, and enhancement update Vulnerability

    • Severity: 4
    • Published: May 11, 2016

    The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt (3.10.0-327.18.2). This version provides a number of bug fixes and enhancements, including: (BZ#1322033) Security Fix(es): Red Hat would like to thank Philip Pettersson of S...