Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 101 - 110 of 131268 in total

Oracle Linux: (CVE-2018-5391) ELSA-2018-4196: Unbreakable Enterprise kernel security update Vulnerability

  • Severity: 4
  • Published: August 14, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2018-4196:

[4.1.12-124.18.5] - inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28450977] - x86/mm/pageattr.c: fix page prot mask (...

Microsoft CVE-2018-8383: Microsoft Edge Spoofing Vulnerability Vulnerability

  • Severity: 4
  • Published: August 14, 2018

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabi...

Microsoft CVE-2018-8403: Microsoft Browser Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: August 14, 2018

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as th...

Microsoft CVE-2018-8380: Chakra Scripting Engine Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: August 14, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain th...

Debian: CVE-2018-10919: samba -- security update Vulnerability

  • Severity: 4
  • Published: August 14, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-4271:

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,

print, and login server for Unix. The Common Vulnerabilities ...

Red Hat: CVE-2018-12824: Important: flash-plugin security update (RHSA-2018:2435) Vulnerability

  • Severity: 4
  • Published: August 14, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2018:2435:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Fl...

Microsoft CVE-2018-8347: Windows Kernel Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: August 14, 2018

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view,...

Microsoft CVE-2018-8343: Windows NDIS Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: August 14, 2018

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. A...