Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities, as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool, Nexpose, and are provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 124917 in total

Cisco ASA: Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability (cisco-sa-20180418-asawvpn2) (CVE-2018-0251) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability ...

Cisco ASA: Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability (cisco-sa-20180418-asa3) (CVE-2018-0231) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insuf...

Cisco ASA: Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability (cisco-sa-20180418-asawvpn) (CVE-2018-0242) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied i...

Cisco ASA: Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability (cisco-sa-20180418-asaanyconnect) (CVE-2018-0229) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to es...

Cisco ASA: Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability (cisco-sa-20180418-asa2) (CVE-2018-0228) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal so...

Cisco ASA: Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities (cisco-sa-20180418-asa_inspect) (CVE-2018-0240) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilitie...

Cisco ASA: Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability (cisco-sa-20180418-asa1) (CVE-2018-0227) Vulnerability

  • Severity: 4
  • Published: April 19, 2018

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorre...

Java CPU April 2018 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2018-2795) Vulnerability

  • Severity: 4
  • Published: April 18, 2018

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

Java CPU April 2018 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2018-2799) Vulnerability

  • Severity: 4
  • Published: April 18, 2018

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom...