Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 11 - 20 of 98549 in total

Debian: CVE-2017-11610: supervisor -- security update Vulnerability

  • Severity: 4
  • Published: August 12, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3942:

Calum Hutton reported that the XML-RPC server in supervisor, a system

for controlling process state, does not perform validation on r...

Debian: CVE-2017-2825: zabbix -- security update Vulnerability

  • Severity: 7
  • Published: August 11, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3937:

Lilith Wyatt discovered two vulnerabilities in the Zabbix network

monitoring system which may result in execution of arbitrary code o...

Ubuntu: USN-3391-1 (CVE-2017-7809): Firefox vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 10, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2017-2456:

[52.3.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ...

SUSE: CVE-2017-11185: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: August 10, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2017-11185:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secu...

SUSE: CVE-2017-9800: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: August 10, 2017

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or ...

Apache Tomcat: Important: Security Constraint Bypass (CVE-2017-7675) Vulnerability

  • Severity: 4
  • Published: August 10, 2017

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Oracle Linux: CVE-2017-9800: ELSA-2017-2480 - subversion security update Vulnerability

  • Severity: 4
  • Published: August 10, 2017

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or ...

Red Hat: CVE-2017-9800: Important: subversion security update (RHSA-2017:2480) Vulnerability

  • Severity: 4
  • Published: August 10, 2017

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or ...

Ubuntu: USN-3388-1 (CVE-2017-9800): Subversion vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 10, 2017

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or ...

Apache Tomcat: Moderate: Cache Poisoning (CVE-2017-7674) Vulnerability

  • Severity: 4
  • Published: August 10, 2017

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.