  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.

    Displaying vulnerability details 11 - 20 of 76491 in total

    Ubuntu: USN-3063-1 (CVE-2016-5384): Fontconfig vulnerability Vulnerability

    • Severity: 4
    • Published: August 11, 2016

    fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

    Debian: DSA-3644 (CVE-2016-5384): fontconfig -- security update Vulnerability

    • Severity: 4
    • Published: August 11, 2016

    fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

    FreeBSD: TeamSpeak Server 3 -- Multiple vulnerabilities including Remote Code Execution Vulnerability

    • Severity: 4
    • Published: August 11, 2016

    Hanz Jenson audit report: I found 10 vulnerabilities. Some of these are critical and allow remote code execution. For the average user, that means that these vulnerabilities can be exploited by a malicious attacker in order to take over any Teamspeak server, not only becoming serveradmin, but getting a shell on the aff...

    Debian: DSA-3630 (CVE-2016-6207): libgd2 -- security update Vulnerability

    • Severity: 4
    • Published: August 11, 2016

    Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

    Ubuntu: USN-3048-1 (CVE-2016-5421): curl vulnerabilities Vulnerability

    • Severity: 8
    • Published: August 09, 2016

    Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

    Amazon Linux AMI: CVE-2016-5408: Security patch for squid (ALAS-2016-735) Vulnerability

    • Severity: 8
    • Published: August 09, 2016

    Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.