Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.



Debian: CVE-2019-3827: gvfs -- security update Vulnerability

  • Severity: 4
  • Published: February 14, 2019

Incorrect authorization in the admin backend allows privileged users to read and modify arbitrary files without being prompted for a password.

Debian: CVE-2019-6706: Multiple Affected Packages Vulnerability

  • Severity: 5
  • Published: February 14, 2019

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

Debian: CVE-2019-0190: apache2 -- security update Vulnerability

  • Severity: 5
  • Published: February 14, 2019

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop, leading to a denial of service. This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes ...

Debian: CVE-2019-3820: gnome-shell -- security update Vulnerability

  • Severity: 5
  • Published: February 14, 2019

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

Debian: CVE-2019-1000016: ffmpeg -- security update Vulnerability

  • Severity: 4
  • Published: February 14, 2019

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in denial of service. This attack appears to be exploitable via a specially crafted AV1 file provided as input. This vulnerability appears to have been fixed after commit b97a4b658814b2de8b9f2a3bce491...