  • Vulnerability Database

    The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.

    Displaying vulnerability details 41 - 50 of 76491 in total

    MS16-096: Cumulative Security Update for Microsoft Edge (3177358) Vulnerability

    • Severity: 4
    • Published: August 08, 2016

    Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights...

    Debian: DSA-3602 (CVE-2016-5093): php5 -- security update Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primar...

    Ubuntu: USN-3045-1 (CVE-2016-5094): PHP vulnerabilities Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

    Google Chrome Vulnerability: CVE-2016-5146 Vulnerability

    • Severity: 8
    • Published: August 06, 2016

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

    Amazon Linux AMI: CVE-2016-5767: Security patch for php55,php56 (ALAS-2016-728) Vulnerability

    • Severity: 7
    • Published: August 06, 2016

    Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a cr...

    Debian: DSA-3602 (CVE-2016-5094): php5 -- security update Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

    Debian: DSA-3618 (CVE-2016-5773): php5 -- security update Vulnerability

    • Severity: 8
    • Published: August 06, 2016

    php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing ...

    Debian: DSA-3619 (CVE-2016-5116): libgd2 -- security update Vulnerability

    • Severity: 4
    • Published: August 06, 2016

    gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

    Google Chrome Vulnerability: CVE-2016-5145 Vulnerability

    • Severity: 7
    • Published: August 06, 2016

    Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.