Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-09 CVE-2017-5634 Exposure of Resource to Wrong Sphere vulnerability in Norwegian-Air Norwegian AIR Kiosk
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
low complexity
norwegian-air CWE-668
6.6

2017-02-09 CVE-2017-5846 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
local
low complexity
gstreamer-project CWE-125
5.5

2017-02-09 CVE-2017-5844 Divide By Zero vulnerability in Gstreamer Project Gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
local
low complexity
gstreamer-project CWE-369
5.5

2017-02-09 CVE-2017-5842 Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
local
low complexity
gstreamer-project CWE-787
5.5

2017-02-09 CVE-2017-5837 Divide By Zero vulnerability in Gstreamer Project Gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
local
low complexity
gstreamer-project CWE-369
5.5

2017-02-09 CVE-2016-4988 Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network
low complexity
jenkins CWE-79
6.1

2017-02-09 CVE-2016-4987 Path Traversal vulnerability in Jenkins Image Gallery
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
network
low complexity
jenkins CWE-22
6.5

2017-02-09 CVE-2016-3101 Cross-site Scripting vulnerability in Jenkins Extra Columns
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
network
low complexity
jenkins CWE-79
5.4

2017-02-09 CVE-2016-10198 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
local
low complexity
gstreamer-project CWE-125
5.5

2017-02-09 CVE-2015-8936 Cross-site Scripting vulnerability in Squidguard
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.
network
low complexity
squidguard CWE-79
6.1