VulnerableCode Package Details - pkg:deb/ubuntu/mcabber@0.9.3-1

Search for packages

Package details: pkg:deb/ubuntu/mcabber@0.9.3-1

Essentials
History (0)

purl	pkg:deb/ubuntu/mcabber@0.9.3-1

Next non-vulnerable version	1.1.0-1
Latest non-vulnerable version	1.1.0-1
Risk	3.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-nq93-zvcm-aaag Aliases: CVE-2017-5604	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.	1.1.0-1 Affected by 0 other vulnerabilities.
VCID-zzxx-ws55-aaaq Aliases: CVE-2016-9928	MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.	1.0.4-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version