Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 98520 in total

Obsolete Version of Drupal Vulnerability

  • Severity: 10
  • Published: November 08, 2017

Older versions of Drupal (prior to 7) are no longer officially supported. There may exist unreported vulnerabilities for these versions. An upgrade to the latest version should be applied to mitigate these unknown risks.

PostgreSQL class A vulnerability in core server: CVE-2017-7546 Vulnerability

  • Severity: 4
  • Published: August 15, 2017

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

PostgreSQL class C vulnerability in core server: CVE-2017-7547 Vulnerability

  • Severity: 4
  • Published: August 15, 2017

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

Ubuntu: USN-3392-2: Linux kernel (Xenial HWE) regression Vulnerability

  • Severity: 4
  • Published: August 15, 2017

USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced t...

Ubuntu: USN-3392-1: Linux kernel regression Vulnerability

  • Severity: 4
  • Published: August 15, 2017

USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Fan Wu and Shixiong Zhao discovered a race cond...

Ubuntu: USN-3391-2: Ubufox update Vulnerability

  • Severity: 4
  • Published: August 15, 2017

USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site sc...

PostgreSQL class C vulnerability in core server: CVE-2017-7548 Vulnerability

  • Severity: 4
  • Published: August 15, 2017

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

Debian: CVE-2017-12836: cvs -- security update Vulnerability

  • Severity: 4
  • Published: August 12, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3940:

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, w...

Debian: CVE-2017-11610: supervisor -- security update Vulnerability

  • Severity: 4
  • Published: August 12, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3942:

Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on r...