Vulnerabilities in Rapid7
88 results

CVE | Severity | Description | EPSS
CVE-2017-5236 | — | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the | 0.9%
CVE-2017-5234 | — | Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer | 0.9%
CVE-2017-5235 | — | Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the i | 0.9%
CVE-2019-5630 | MEDIUM | Rapid7 Nexpose/InsightVM Security Console CSRF | 0.9%
CVE-2020-7355 | MEDIUM | Rapid7 Metasploit Pro Stored XSS in 'notes' field | 0.9%
CVE-2020-7354 | MEDIUM | Rapid7 Metasploit Pro Stored XSS in 'host' field | 0.9%
CVE-2017-5233 | — | Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer t | 0.9%
CVE-2019-5629 | HIGH | Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specificall | 0.9%
CVE-2019-5615 | LOW | Rapid7 InsightVM Stored Credential Exposure | 0.8%
CVE-2023-1305 | HIGH | Rapid7 InsightCloudSec box object access | 0.8%
CVE-2017-5232 | — | All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the ins | 0.8%
CVE-2023-0290 | MEDIUM | Rapid7 Velociraptor directory traversal in client ID parameter | 0.7%
CVE-2023-2273 | MEDIUM | Rapid7 Insight Agent Directory Traversal | 0.7%
CVE-2017-5244 | — | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been | 0.7%
CVE-2020-7381 | MEDIUM | Code Injection in Rapid7 Nexpose Installer | 0.7%
CVE-2016-9757 | — | In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags ca | 0.6%
CVE-2018-5559 | LOW | In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return | 0.6%
CVE-2021-3535 | MEDIUM | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search f | 0.6%
CVE-2021-3619 | LOW | Rapid7 Velociraptor Notebooks Authenticated Persistent XSS | 0.6%
CVE-2023-0242 | HIGH | Insufficient permission check in the VQL copy() function | 0.5%