Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-11 | CVE-2017-6809 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | 6.1 |
| 2017-03-11 | CVE-2017-6808 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | 6.1 |
| 2017-03-10 | CVE-2017-6799 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | 6.1 |
| 2017-03-10 | CVE-2017-6596 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Partclone Project Partclone 0.2.89 partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. | 5.5 |
| 2017-03-10 | CVE-2017-6355 | Integer Overflow or Wraparound vulnerability in Freedesktop Virglrenderer 0.5.0 Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access. | 5.5 |
| 2017-03-10 | CVE-2017-6314 | Infinite Loop vulnerability in multiple products The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | 5.5 |
| 2017-03-10 | CVE-2017-6312 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | 5.5 |
| 2017-03-10 | CVE-2017-6797 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | 6.1 |
| 2017-03-09 | CVE-2017-6591 | Cross-site Scripting vulnerability in Django-Epiceditor Project Django-Epiceditor 0.2.3 There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | 6.1 |
| 2017-03-09 | CVE-2017-6590 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. | 6.3 |