Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.



Oracle Solaris 11: CVE-2017-18258 (11.3 SRU 27.4.0) Vulnerability

  • Severity: 4
  • Published: April 08, 2018

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

SUSE: CVE-2018-9264: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: April 04, 2018

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.

SUSE: CVE-2018-9259: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: April 04, 2018

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

SUSE: CVE-2018-9262: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: April 04, 2018

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.