Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 81 - 90 of 134950 in total

Ubuntu: USN-3812-1 (CVE-2018-16843): nginx vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Ubuntu: USN-3812-1 (CVE-2018-16844): nginx vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Debian: CVE-2018-16844: nginx -- security update Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Ubuntu: USN-3812-1 (CVE-2018-16845): nginx vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_ht...

Gentoo Linux: CVE-2018-18820: Icecast: Arbitrary code execution Vulnerability

  • Severity: 4
  • Published: November 05, 2018

A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Cisco ASA: CVE-2018-15454: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability (cisco-sa-20181031-asaftd-sip-dos) Vulnerability

  • Severity: 4
  • Published: November 01, 2018

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The v...