Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.



ISC BIND: Multiple transfers of a zone in quick succession due to assertion failure in rbtdb.c (CVE-2018-5736) Vulnerability

  • Severity: 4
  • Published: May 23, 2018

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for exa...

ISC BIND: Degradation or Denial of Service due to assertion failure in rbtdb.c (CVE-2018-5737) Vulnerability

  • Severity: 4
  • Published: May 23, 2018

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a rec...

Wireshark : CVE-2018-11362 : LDSS dissector crash Vulnerability

  • Severity: 4
  • Published: May 22, 2018

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.

Wireshark : CVE-2018-11358 : Q.931 dissector crash Vulnerability

  • Severity: 4
  • Published: May 22, 2018

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

Wireshark : CVE-2018-11355 : RTCP dissector crash Vulnerability

  • Severity: 4
  • Published: May 22, 2018

In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.

Wireshark : CVE-2018-11360 : GSM A DTAP dissector crash Vulnerability

  • Severity: 4
  • Published: May 22, 2018

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.