Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-0008 | Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059. | 4.3 |
| 2017-03-17 | CVE-2017-0007 | Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016 Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | 5.5 |
| 2017-03-16 | CVE-2017-6951 | NULL Pointer Dereference vulnerability in Linux Kernel The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. | 5.5 |
| 2017-03-16 | CVE-2017-5857 | Memory Leak vulnerability in Qemu Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. | 6.5 |
| 2017-03-16 | CVE-2017-5856 | Memory Leak vulnerability in multiple products Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. | 6.5 |
| 2017-03-16 | CVE-2017-5667 | Out-of-bounds Read vulnerability in multiple products The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. | 6.5 |
| 2017-03-16 | CVE-2017-5505 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jasper Project Jasper 1.900.27 The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | 5.5 |
| 2017-03-16 | CVE-2016-10187 | Permissions, Privileges, and Access Controls vulnerability in Calibre-Ebook Calibre The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | 5.5 |
| 2017-03-16 | CVE-2016-0770 | Cross-site Scripting vulnerability in Zahmit Design Connections Business Directory Plugin 8.5.8 Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable. | 6.1 |
| 2017-03-16 | CVE-2016-10247 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. | 5.5 |