Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-21	CVE-2019-16680	Path Traversal vulnerability in multiple products An issue was discovered in GNOME file-roller before 3.29.91. network low complexity gnome redhat debian canonical CWE-22	4.3
2019-09-19	CVE-2019-11779	Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. network low complexity eclipse canonical opensuse fedoraproject debian CWE-674	6.5
2019-09-17	CVE-2019-16394	Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. network low complexity spip debian canonical CWE-203	5.3
2019-09-17	CVE-2019-16393	Open Redirect vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. network low complexity spip debian canonical CWE-601	6.1
2019-09-17	CVE-2019-16392	Cross-site Scripting vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. network low complexity spip debian canonical CWE-79	6.1
2019-09-17	CVE-2019-16391	SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. network low complexity spip debian canonical	6.5
2019-09-13	CVE-2019-15031	Improper Synchronization vulnerability in multiple products In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. local low complexity linux redhat canonical opensuse CWE-662	4.4
2019-09-13	CVE-2019-15030	Missing Authorization vulnerability in multiple products In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. local low complexity linux redhat canonical opensuse CWE-862	4.4
2019-09-12	CVE-2019-16275	Origin Validation Error vulnerability in multiple products hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. low complexity w1-fi debian canonical CWE-346	6.5
2019-09-11	CVE-2019-16234	NULL Pointer Dereference vulnerability in multiple products drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. local high complexity linux canonical opensuse CWE-476	4.7