Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 221 - 230 of 121853 in total

Microsoft CVE-2018-0778: Scripting Engine Memory Corruption Vulnerability

  • Severity: 8
  • Published: January 02, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same ...

SUSE: CVE-2017-1000476: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: January 02, 2018

In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

Microsoft CVE-2018-0768: Scripting Engine Memory Corruption Vulnerability

  • Severity: 8
  • Published: January 02, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same ...

Debian: CVE-2017-1000472: poco -- security update Vulnerability

  • Severity: 4
  • Published: January 02, 2018

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related ...

Gentoo Linux: CVE-2017-1000433: PySAML2: Security bypass Vulnerability

  • Severity: 7
  • Published: January 01, 2018

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.