Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like MITRE and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.



MFSA2019-08 Firefox: Security vulnerabilities fixed in Firefox ESR 60.6 (CVE-2019-9791) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an...

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9802) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allowing for a potential memory read of adjacent...

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9803) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-...

SUSE: CVE-2019-3855: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: March 19, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2019-3855:

This CVE is addressed in the SUSE advisories SUSE-SU-2019:13982-1.

SUSE: CVE-2019-3858: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: March 19, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2019-3858:

This CVE is addressed in the SUSE advisories SUSE-SU-2019:13982-1.

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9809) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial-of-service (DoS) attack.