  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.

    Displaying vulnerability details 31 - 40 of 76763 in total

    MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724) Vulnerability

    • Severity: 8
    • Published: September 12, 2016

    A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who suc...

    MS16-106: Security Update for Microsoft Graphics Component (3185848) Vulnerability

    • Severity: 9
    • Published: September 12, 2016

    Multiple elevation of privilege vulnerabilities exist in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full u...

    MS16-109: Security Update for Silverlight (3182373) Vulnerability

    • Severity: 9
    • Published: September 12, 2016

    A remote code execution vulnerability exists when Microsoft Silverlight improperly allows applications to access objects in memory. The vulnerability could corrupt system memory, which could allow an attacker to execute arbitrary code. In a web-browsing scenario, an attacker who successfully exploited this vulnerability could obtain the ...

    MS16-115: Security Update for Microsoft Windows PDF Library (3188733) Vulnerability

    • Severity: 4
    • Published: September 12, 2016

    Multiple information disclosure vulnerabilities exist in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise a target system.

    MS16-107: Security Update for Microsoft Office (3185852) Vulnerability

    • Severity: 9
    • Published: September 12, 2016

    An information disclosure vulnerability exists in the way that the Click-to-Run (C2R) components handle objects in memory, which could lead to an Address Space Layout Randomization (ASLR) bypass.

    MS16-113: Security Update for Windows Secure Kernel Mode (3185876) Vulnerability

    • Severity: 4
    • Published: September 12, 2016

    An information disclosure vulnerability exists in Windows when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker could attempt to exploit the vulnerability by running a specially crafted application on a targeted system. Note that the information disclosure vulnerability alone would not be ...

    MS16-112: Security Update for Windows Lock Screen (3178469) Vulnerability

    • Severity: 6
    • Published: September 12, 2016

    An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user’s computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user’s computer. ...

    Oracle Linux: CVE-2016-6250: ELSA-2016-1844 - libarchive security update Vulnerability

    • Severity: 4
    • Published: September 11, 2016

    Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

    From ELSA-2016-1844:

    [3.1.2-10] - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. [3.1.2-9] - Fixes CVE-2016-5418: Archive Entr...

    Oracle Linux: CVE-2016-5418: ELSA-2016-1850 - libarchive security update Vulnerability

    • Severity: 4
    • Published: September 11, 2016

    Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

    From ELSA-2016-1850:

    [2.8.3-7] - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. [2.8.3-6] - Fixes CVE-2016-5418: Archive Entry...