  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and are provided here for additional visibility.

    Displaying vulnerability details 21 - 30 of 76403 in total

    Ubuntu: USN-3045-1 (CVE-2016-5096): PHP vulnerabilities Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.

    Red Hat: CVE-2016-5144: Important: chromium-browser security update (RHSA-2016:1580) Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.

    Ubuntu: USN-3045-1 (CVE-2016-5094): PHP vulnerabilities Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

    Ubuntu: USN-3045-1 (CVE-2016-5093): PHP vulnerabilities Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primar...

    PHP Vulnerability: CVE-2016-3132 Vulnerability

    • Severity: 8
    • Published: August 06, 2016

    Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.

    Debian: DSA-3602 (CVE-2016-5094): php5 -- security update Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

    Google Chrome Vulnerability: CVE-2016-5140 Vulnerability

    • Severity: 8
    • Published: August 06, 2016

    Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

    PHP Vulnerability: CVE-2016-3078 Vulnerability

    • Severity: 8
    • Published: August 06, 2016

    Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.