Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.



Ubuntu: USN-3564-1 (CVE-2018-1053): PostgreSQL vulnerability Vulnerability

  • Severity: 4
  • Published: February 04, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3564-1:

It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information....

Ubuntu: USN-3559-1 (CVE-2018-6188): Django vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 03, 2018

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.

SUSE: CVE-2018-6612: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 03, 2018

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

Debian: CVE-2018-6596: django-anymail -- security update Vulnerability

  • Severity: 4
  • Published: February 02, 2018

webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.

SUSE: CVE-2018-6544: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 01, 2018

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

SUSE: CVE-2018-6551: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 01, 2018

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.