Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Apple iTunes security update for CVE-2018-4218 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to e...

OS X update for Graphics Drivers (CVE-2018-4159) Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Gentoo Linux: CVE-2017-18284: BURP: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: June 04, 2018

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

SUSE: CVE-2016-1000342: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Apple Safari security update for CVE-2018-4247 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

Apple iTunes security update for CVE-2018-4190 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential informa...

SUSE: CVE-2016-1000341: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as w...

OS X update for IOHIDFamily (CVE-2018-4234) Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

SUSE: CVE-2016-1000346: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.