Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-16	CVE-2018-21015	NULL Pointer Dereference vulnerability in multiple products AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. network low complexity gpac debian CWE-476	6.5
2019-09-12	CVE-2019-16275	Origin Validation Error vulnerability in multiple products hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. low complexity w1-fi debian canonical CWE-346	6.5
2019-09-11	CVE-2019-16223	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in post previews by authenticated users. network low complexity wordpress debian CWE-79	5.4
2019-09-11	CVE-2019-16222	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16221	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows reflected XSS in the dashboard. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16220	Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. network low complexity wordpress debian CWE-601	6.1
2019-09-11	CVE-2019-16219	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in shortcode previews. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16218	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in stored comments. network low complexity wordpress debian CWE-79	6.1
2019-09-11	CVE-2019-16217	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. network low complexity wordpress debian CWE-79	6.1
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5