Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 21 - 30 of 121643 in total

Wireshark : CVE-2018-5334 : IxVeriWave file parser crash Vulnerability

  • Severity: 4
  • Published: January 10, 2018

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

Wireshark : CVE-2018-5335 : WCP dissector crash Vulnerability

  • Severity: 4
  • Published: January 10, 2018

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

Juniper Junos OS: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (JSA10836) (CVE-2018-0009) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks...

Juniper Junos OS: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (JSA10834) (CVE-2018-0006) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, ...

Juniper Junos OS: commit script may allow unauthenticated root login upon reboot (JSA10835) (CVE-2018-0008) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

An unauthenticated root login may be allowed upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior ...

Juniper Junos OS: 2018-01 Security Bulletin: Junos OS: Kernel Denial of Service Vulnerability (JSA10832) (CVE-2018-0004) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running ...

Juniper Junos OS: 2018-01 Security Bulletin: Junos OS: Malicious LLDP crafted packet leads to privilege escalation, denial of service. (JSA10830) (CVE-2018-0007) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to s...

Juniper Junos OS: 2018-01 Security Bulletin: Junos OS: A crafted MPLS packet may lead to a kernel crash (JSA10831) (CVE-2018-0003) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions p...

Juniper Junos OS: 2018-01 Security Bulletin: Junos OS: MAC move limit configured to drop traffic may forward traffic. (JSA10833) (CVE-2018-0005) Vulnerability

  • Severity: 4
  • Published: January 09, 2018

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping it. This can lead to denial of service or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15....