Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-16393 Open Redirect vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
network
low complexity
spip debian canonical CWE-601
6.1
6.1
2019-09-17 CVE-2019-16392 Cross-site Scripting vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
network
low complexity
spip debian canonical CWE-79
6.1
6.1
2019-09-17 CVE-2019-16391 SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database.
network
low complexity
spip debian canonical
6.5
6.5
2019-09-16 CVE-2018-21016 Out-of-bounds Read vulnerability in multiple products
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
network
low complexity
gpac debian CWE-125
6.5
6.5
2019-09-16 CVE-2018-21015 NULL Pointer Dereference vulnerability in multiple products
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
network
low complexity
gpac debian CWE-476
6.5
6.5
2019-09-12 CVE-2019-16275 Origin Validation Error vulnerability in multiple products
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled.
low complexity
w1-fi debian canonical CWE-346
6.5
6.5
2019-09-11 CVE-2019-16223 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2019-09-11 CVE-2019-16222 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
network
low complexity
wordpress debian CWE-79
6.1
6.1
2019-09-11 CVE-2019-16221 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows reflected XSS in the dashboard.
network
low complexity
wordpress debian CWE-79
6.1
6.1
2019-09-11 CVE-2019-16220 Open Redirect vulnerability in multiple products
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
network
low complexity
wordpress debian CWE-601
6.1
6.1