Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.


Displaying vulnerability details 1 - 10 of 98620 in total

Obsolete Version of Drupal Vulnerability

  • Severity: 10
  • Published: November 08, 2017

Older versions of Drupal (prior to 7) are no longer officially supported. There may exist unreported vulnerabilities for these versions. An upgrade to the latest version should be applied to mitigate these unknown risks.

MFSA2017-20 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.3 (CVE-2017-7779) Vulnerability

  • Severity: 4
  • Published: August 17, 2017

Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54, Firefox ESR 52.2, and Thunderbird 52....

MFSA2017-20 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.3 (CVE-2017-7804) Vulnerability

  • Severity: 4
  • Published: August 17, 2017

The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. ...

Debian: CVE-2017-12904: newsbeuter -- security update Vulnerability

  • Severity: 4
  • Published: August 17, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3947:

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news artic...