Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 171 - 180 of 131380 in total

MFSA2018-19 Thunderbird: Security vulnerabilities fixed in Thunderbird 60 (CVE-2018-5187) Vulnerability

  • Severity: 4
  • Published: August 06, 2018

Mozilla developers and community members Christian Holler, Sebastian Hengst, Nils Ohlmeier, Jon Coppeard, Randell Jesup, Ted Campbell, Gary Kwong, and Jean-Yves Avenard reported memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that ...

Debian: DSA-4265: xml-security-c -- security update Vulnerability

  • Severity: 4
  • Published: August 05, 2018

It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.

SUSE: CVE-2018-14912: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: August 03, 2018

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

Debian: CVE-2017-16653: symfony -- security update Vulnerability

  • Severity: 4
  • Published: August 03, 2018

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks....