Rapid7 Metasploit Framework
6 CVEs affecting Rapid7 Metasploit Framework. Latest disclosed: 2021-04-23. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-7385 | High | 8.1 | 2021-04-23 | By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploi… |
CVE-2020-7377 | High | 8.1 | 2020-08-24 | The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar meth… |
CVE-2019-5645 | High | 7.5 | 2020-09-01 | By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When e… |
CVE-2019-5624 | High | 7.4 | 2019-04-30 | Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip impor… |
CVE-2020-7376 | High | 7.1 | 2020-08-24 | The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can… |
CVE-2020-7350 | Medium | 6.1 | 2020-04-22 | Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted use… |