Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-17	CVE-2019-17672	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. network low complexity wordpress debian CWE-79	6.1
2019-10-17	CVE-2019-17671	Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. network low complexity wordpress debian CWE-200	5.3
2019-10-16	CVE-2019-2999	Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). network high complexity oracle redhat netapp debian opensuse canonical	4.7
2019-10-16	CVE-2019-2977	Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). network high complexity oracle netapp debian	4.8
2019-10-16	CVE-2019-2975	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). network high complexity oracle redhat netapp debian opensuse mcafee canonical	4.8
2019-10-16	CVE-2019-2958	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle netapp opensuse debian	5.9
2019-10-16	CVE-2019-2949	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). network high complexity oracle debian netapp redhat canonical opensuse mcafee	6.8
2019-10-16	CVE-2019-11281	Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. network low complexity pivotal-software debian fedoraproject redhat CWE-79	4.8
2019-10-15	CVE-2017-1002201	Cross-site Scripting vulnerability in multiple products In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. network low complexity haml debian CWE-79	6.1
2019-10-09	CVE-2019-17402	Classic Buffer Overflow vulnerability in multiple products Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. network low complexity exiv2 debian canonical CWE-120	6.5