Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.



Debian: CVE-2018-16864: systemd -- security update Vulnerability

  • Severity: 4
  • Published: January 10, 2019

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Juniper Junos OS: 2019-01 Security Bulletin: Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration (JSA10906) (CVE-2019-0006) Vulnerability

  • Severity: 4
  • Published: January 10, 2019

A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only o...

SUSE: CVE-2018-4373: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: January 10, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-4373:

This CVE is addressed in the SUSE advisories SUSE-SU-2019:0059-1.

Juniper Junos OS: 2019-01 Security Bulletin: Junos OS: EX and QFX series: Stateless firewall filter ignores IPv6 extension headers (JSA10905) (CVE-2019-0005) Vulnerability

  • Severity: 4
  • Published: January 10, 2019

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX an...

SUSE: CVE-2018-4378: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: January 10, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-4378:

This CVE is addressed in the SUSE advisories SUSE-SU-2019:0059-1.

Juniper Junos OS: 2019-01 Security Bulletin: Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core. (JSA10902) (CVE-2019-0003) Vulnerability

  • Severity: 4
  • Published: January 10, 2019

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS:...

Juniper Junos OS: 2019-01 Security Bulletin: Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability (JSA10903) (CVE-2019-0007) Vulnerability

  • Severity: 4
  • Published: January 10, 2019

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected re...

SUSE: CVE-2018-4392: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: January 10, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-4392:

This CVE is addressed in the SUSE advisories SUSE-SU-2019:0059-1.

Juniper Junos OS: 2019-01 Security Bulletin: Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message (JSA10912) (CVE-2019-0012) Vulnerability

  • Severity: 4
  • Published: January 10, 2019

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects...