Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 21 - 30 of 81063 in total

SUSE: CVE-2016-9069: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: November 17, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3124-1:

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan...

Amazon Linux AMI: CVE-2016-6233: Security patch for php-ZendFramework (ALAS-2016-767) Vulnerability

  • Severity: 4
  • Published: November 17, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ALAS-2016-767:

The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection.

Amazon Linux AMI: CVE-2016-4861: Security patch for php-ZendFramework (ALAS-2016-767) Vulnerability

  • Severity: 4
  • Published: November 17, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ALAS-2016-767:

The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection.

Palo Alto Networks PAN-SA-2016-0037 (CVE-2016-9149): XPath Injection Vulnerability

  • Severity: 4
  • Published: November 16, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From PAN-SA-2016-0037:

The Addresses Object parsing function does not properly escape single quotes. (Ref # PAN-55237/92073/CVE-2016-9149)

Debian: DSA-3718: drupal7 -- security update Vulnerability

  • Severity: 4
  • Published: November 16, 2016

Multiple vulnerabilities has been found in the Drupal content management

framework. For additional information, please refer to the upstream advisory

athttps://www.drupal.org/SA-CORE-2016-005

Debian: DSA-3719 (CVE-2016-9376): wireshark -- security update Vulnerability

  • Severity: 4
  • Published: November 16, 2016

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

Palo Alto Networks PAN-SA-2016-0034 (CVE-2016-9151): Local Privilege Escalation Vulnerability

  • Severity: 4
  • Published: November 16, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From PAN-SA-2016-0034:

Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with high...

Debian: DSA-3719 (CVE-2016-9375): wireshark -- security update Vulnerability

  • Severity: 4
  • Published: November 16, 2016

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.

Debian: DSA-3719 (CVE-2016-9374): wireshark -- security update Vulnerability

  • Severity: 4
  • Published: November 16, 2016

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

Debian: DSA-3719 (CVE-2016-9373): wireshark -- security update Vulnerability

  • Severity: 4
  • Published: November 16, 2016

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.