Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups such as MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.


Amazon Linux AMI: CVE-2017-12193: Security patch for kernel (ALAS-2017-925) Vulnerability

  • Severity: 4
  • Published: November 17, 2017

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations....

Amazon Linux AMI: CVE-2017-12190: Security patch for kernel (ALAS-2017-925) Vulnerability

  • Severity: 4
  • Published: November 17, 2017

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible sy...

Ubuntu: USN-3487-1 (CVE-2017-12190): Linux kernel vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 17, 2017

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible sy...

SUSE: CVE-2017-12193: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: November 17, 2017

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations....