Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-16 CVE-2017-5857 Memory Leak vulnerability in Qemu
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
local
low complexity
qemu CWE-401
6.5
2017-03-16 CVE-2017-5856 Memory Leak vulnerability in multiple products
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
local
low complexity
qemu debian CWE-401
6.5
2017-03-16 CVE-2017-5667 Out-of-bounds Read vulnerability in multiple products
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
local
low complexity
qemu debian CWE-125
6.5
2017-03-16 CVE-2017-5643 Server-Side Request Forgery (SSRF) vulnerability in Apache Camel
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
network
low complexity
apache CWE-918
7.4
2017-03-16 CVE-2017-5617 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
network
low complexity
debian kitfox CWE-918
7.4
2017-03-16 CVE-2017-5505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jasper Project Jasper 1.900.27
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
local
low complexity
jasper-project CWE-119
5.5
2017-03-16 CVE-2016-10187 Permissions, Privileges, and Access Controls vulnerability in Calibre-Ebook Calibre
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
local
low complexity
calibre-ebook CWE-264
5.5
2017-03-16 CVE-2016-0770 Cross-site Scripting vulnerability in Zahmit Design Connections Business Directory Plugin 8.5.8
Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.
network
low complexity
zahmit-design CWE-79
6.1
2017-03-16 CVE-2015-8981 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
network
low complexity
podofo-project CWE-119
critical
9.8
2017-03-16 CVE-2017-6510 Path Traversal vulnerability in Efssoft Easy File Sharing FTP Server 3.6
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
network
low complexity
efssoft CWE-22
7.5