• Close
  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.

    Displaying vulnerability details 31 - 40 of 76491 in total

    MS16-096: Cumulative Security Update for Microsoft Edge (3177358) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights...

    MS16-101: Security Update for Windows Authentication Methods (3178465) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An elevation of privilege vulnerability exists when Windows Netlogon improperly establishes a secure communications channel to a domain controller. An attacker who successfully exploited the vulnerability could run a specially crafted application on a domain-joined system. To exploit the vulnerability, an attacker would require access to...

    MS16-095: Cumulative Security Update for Internet Explorer (3177356) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rig...

    FreeBSD: puppet-agent MCollective plugin -- Remote Code Execution vulnerability (CVE-2015-7331) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Puppet reports: Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disab...

    MS16-103: Security Update for ActiveSyncProvider (3182332) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An information disclosure vulnerability exists when Universal Outlook fails to establish a secure connection. An attacker could use this vulnerability to obtain the username and password of a user. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords.

    MS16-100: Security Update for Secure Boot (3179577) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the atta...

    MS16-099: Security Update for Microsoft Office (3177451) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could create a specially crafted OneNote file and convince a victim to o...

    MS16-097: Security Update for Microsoft Graphics Component (3177393) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Multiple remote code execution vulnerabilities exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerabilities could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with fu...

    MS16-102: Security Update for Microsoft Windows PDF Library (3182248) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user righ...