Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 241 - 250 of 132973 in total

Amazon Linux AMI: CVE-2018-14633: Security patch for kernel (ALAS-2018-1086) Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

Debian: CVE-2018-14633: linux -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

Ubuntu: (Multiple Advisories) (CVE-2018-14633): Linux kernel (Xenial HWE) vulnerabilities Vulnerability

  • Severity: 4
  • Published: September 24, 2018

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be en...

Debian: CVE-2018-14647: python3.5 -- security update Vulnerability

  • Severity: 4
  • Published: September 24, 2018

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7...

SUSE: CVE-2018-17407: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: September 23, 2018

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

Ubuntu: USN-3772-1 (CVE-2018-17336): UDisks vulnerability Vulnerability

  • Severity: 4
  • Published: September 22, 2018

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.