Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 31 - 40 of 103140 in total

Ubuntu: USN-3346-2: Bind regression Vulnerability

  • Severity: 4
  • Published: September 17, 2017

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory ...

Ubuntu: USN-3425-1 (CVE-2017-9798): Apache HTTP Server vulnerability Vulnerability

  • Severity: 4
  • Published: September 17, 2017

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP reques...

Apache HTTPD: Use-after-free when using <Limit> with an unrecognized method in .htaccess ("OptionsBleed") (CVE-2017-9798) Vulnerability

  • Severity: 4
  • Published: September 17, 2017

When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in ...

Debian: CVE-2017-2924: freexl -- security update Vulnerability

  • Severity: 4
  • Published: September 16, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3976:

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which migh...

Debian: CVE-2017-14500: newsbeuter -- security update Vulnerability

  • Severity: 4
  • Published: September 16, 2017

Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to ...

Debian: CVE-2017-2923: freexl -- security update Vulnerability

  • Severity: 4
  • Published: September 16, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3976:

Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which migh...

VMware Workstation: Vulnerability (VMSA-2017-0015) (CVE-2017-4924) Vulnerability

  • Severity: 4
  • Published: September 14, 2017

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

VMware Fusion: Vulnerability (VMSA-2017-0015) (CVE-2017-4925) Vulnerability

  • Severity: 4
  • Published: September 14, 2017

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this iss...

VMware Workstation: Vulnerability (VMSA-2017-0015) (CVE-2017-4925) Vulnerability

  • Severity: 4
  • Published: September 14, 2017

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this iss...