Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups such as MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.


Displaying vulnerability details 81 - 90 of 127344 in total

MFSA2018-11 Firefox: Security vulnerabilities fixed in Firefox 60 (CVE-2018-5152) Vulnerability

  • Severity: 4
  • Published: May 09, 2018

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose sync...

Red Hat: CVE-2018-5183: Critical: firefox security update ((Multiple Advisories)) Vulnerability

  • Severity: 4
  • Published: May 09, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2018:1415:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update up...

MFSA2018-11 Firefox: Security vulnerabilities fixed in Firefox 60 (CVE-2018-5176) Vulnerability

  • Severity: 4
  • Published: May 09, 2018

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and autho...

Red Hat: CVE-2018-1089: Important: 389-ds-base security update (RHSA-2018:1364) Vulnerability

  • Severity: 4
  • Published: May 09, 2018

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Oracle Linux: (CVE-2018-1089) ELSA-2018-1364: 389-ds-base security update Vulnerability

  • Severity: 4
  • Published: May 09, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2018-1364:

[1.2.11.15-95] - Bump version to 1.2.11-15-95 - Resolves: Bug 1562152 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filt...

Red Hat: CVE-2018-5157: Critical: firefox security update ((Multiple Advisories)) Vulnerability

  • Severity: 4
  • Published: May 09, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2018:1415:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update up...