Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 151 - 160 of 136859 in total

SUSE: CVE-2018-1000858: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 20, 2018

GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, or DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerabi...

Debian: CVE-2018-1000880: libarchive -- security update Vulnerability

  • Severity: 4
  • Published: December 20, 2018

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appears to b...

Artifex Ghostscript: (CVE-2018-19134) Setpattern operator type confusion Vulnerability

  • Severity: 7
  • Published: December 20, 2018

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implem...

F5 Networks: K61620494 (CVE-2018-15329): TMUI vulnerability CVE-2018-15329 Vulnerability

  • Severity: 7
  • Published: December 20, 2018

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

Debian: CVE-2018-1000877: libarchive -- security update Vulnerability

  • Severity: 4
  • Published: December 20, 2018

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appears to be exp...

F5 Networks: K23328310 (CVE-2018-15330): TMM vulnerability CVE-2018-15330 Vulnerability

  • Severity: 8
  • Published: December 20, 2018

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server uses the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file.

Debian: CVE-2018-1160: netatalk -- security update Vulnerability

  • Severity: 4
  • Published: December 20, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-4356:

Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protoco...

SUSE: CVE-2018-17957: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 20, 2018

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on the process command line, allowing local attackers to access or corrupt the RMT database.

Debian: CVE-2018-1000878: libarchive -- security update Vulnerability

  • Severity: 4
  • Published: December 20, 2018

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via the victim must open a...