Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 201 - 210 of 129071 in total

SUSE: CVE-2016-1000346: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.

Apple Safari security update for CVE-2018-4190 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential informa...

Apple iTunes security update for CVE-2018-4224 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypa...

Apple iTunes security update for CVE-2018-4199 Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a d...

OS X update for Intel Graphics Driver (CVE-2018-4141) Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

OS X update for Messages (CVE-2018-4235) Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.

SUSE: CVE-2016-1000341: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as w...

SUSE: CVE-2016-1000339: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: June 04, 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There w...

OS X update for Mail (CVE-2018-4227) Vulnerability

  • Severity: 4
  • Published: June 04, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.