Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-15 | CVE-2017-6435 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libplist Project Libplist 1.12 The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. | 5.0 |
| 2017-03-15 | CVE-2017-6414 | Missing Release of Resource after Effective Lifetime vulnerability in Libcacard Project Libcacard 2.5.0/2.5.1/2.5.2 Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object. | 6.5 |
| 2017-03-15 | CVE-2017-6386 | Missing Release of Resource after Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands. | 6.5 |
| 2017-03-15 | CVE-2017-6317 | Missing Release of Resource after Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0 Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable. | 6.5 |
| 2017-03-15 | CVE-2017-6210 | NULL Pointer Dereference vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0 The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). | 6.5 |
| 2017-03-15 | CVE-2017-6209 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0 Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. | 6.5 |
| 2017-03-15 | CVE-2017-5994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0 Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter. | 5.5 |
| 2017-03-15 | CVE-2017-5993 | Missing Release of Resource after Effective Lifetime vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0 Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands. | 6.5 |
| 2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 6.1 |
| 2017-03-15 | CVE-2017-5584 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |