Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analysts and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 92184 in total

Fortinet FortiManager Obsolete Version Vulnerability

  • Severity: 10
  • Published: May 14, 2017

The detected version stream of Fortinet FortiManager has reached the End of Support (EOS) phase. Upgrade Path documents for FortiManager are available from the Fortinet Customer Service and Support Site in the same directory as the firmware images and Release Notes.

ISC BIND: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138) Vulnerability

  • Severity: 4
  • Published: May 14, 2017

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE ass...

Fortinet FortiAnalyzer Obsolete Version Vulnerability

  • Severity: 10
  • Published: May 14, 2017

The detected version stream of Fortinet FortiAnalyzer has reached the End of Support (EOS) phase. Upgrade Path documents for FortiAnalyzer are available from the Fortinet Customer Service and Support Site in the same directory as the firmware images and Release Notes.

PostgreSQL class C vulnerability in core server: CVE-2017-7484 Vulnerability

  • Severity: 4
  • Published: May 11, 2017

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some in...

PostgreSQL class A vulnerability in client: CVE-2017-7485 Vulnerability

  • Severity: 4
  • Published: May 11, 2017

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between...

Debian: CVE-2017-7485: postgresql-9.4 -- security update Vulnerability

  • Severity: 4
  • Published: May 11, 2017

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between...