Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 41 - 50 of 90423 in total

Microsoft CVE-2017-0163: Hyper-V Remote Code Execution Vulnerability Vulnerability

  • Severity: 4
  • Published: April 10, 2017

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operat...

Microsoft CVE-2017-0192: ATMFD.dll Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: April 10, 2017

An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll)  when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit the vulnerability, su...

Microsoft CVE-2017-0179: Hyper-V Denial of Service Vulnerability Vulnerability

  • Severity: 4
  • Published: April 10, 2017

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted app...

Microsoft CVE-2017-0181: Hyper-V Remote Code Execution Vulnerability Vulnerability

  • Severity: 4
  • Published: April 10, 2017

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operat...

Apache Tomcat: Important: Denial of Service (CVE-2017-5650) Vulnerability

  • Severity: 4
  • Published: April 10, 2017

The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series o...

SUSE: CVE-2017-3062: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: April 10, 2017

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.

Obsolete version of Microsoft Windows Vista Vulnerability

  • Severity: 10
  • Published: April 10, 2017

After April 11, 2017, Windows Vista customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.

Microsoft CVE-2017-0199: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API Vulnerability

  • Severity: 4
  • Published: April 10, 2017

A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. E...