Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-09 | CVE-2017-5593 | Origin Validation Error vulnerability in Psi-Plus Psi+ 0.16.563.580/0.16.571.627 An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. | 5.9 |
| 2017-02-09 | CVE-2017-5592 | Origin Validation Error vulnerability in Profanity Project Profanity 0.4.7/0.5.0 An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. | 5.9 |
| 2017-02-09 | CVE-2017-5591 | Origin Validation Error vulnerability in multiple products An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. | 5.9 |
| 2017-02-09 | CVE-2017-5590 | Origin Validation Error vulnerability in multiple products An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. | 5.9 |
| 2017-02-09 | CVE-2017-5589 | Origin Validation Error vulnerability in Yaxim Bruno and Yaxim An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. | 5.9 |
| 2017-02-09 | CVE-2017-5634 | Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | 6.6 |
| 2017-02-09 | CVE-2017-5846 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | 5.5 |
| 2017-02-09 | CVE-2017-5844 | Divide By Zero vulnerability in Gstreamer Project Gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. | 5.5 |
| 2017-02-09 | CVE-2017-5842 | Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | 5.5 |
| 2017-02-09 | CVE-2017-5837 | Divide By Zero vulnerability in Gstreamer Project Gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. | 5.5 |