Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-29	CVE-2019-15681	Improper Initialization vulnerability in multiple products LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. network low complexity libvnc-project canonical debian siemens CWE-665	5.0
2019-10-29	CVE-2011-4931	Weak Password Requirements vulnerability in multiple products gpw generates shorter passwords than required network low complexity gpw-project debian CWE-521	5.0
2019-10-28	CVE-2012-5577	Incorrect Default Permissions vulnerability in multiple products Python keyring lib before 0.10 created keyring files with world-readable permissions. network low complexity python debian CWE-276	5.0
2019-10-23	CVE-2019-18281	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. network qt debian CWE-119	4.3
2019-10-22	CVE-2019-15587	Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. network low complexity loofah-project fedoraproject canonical debian CWE-79	5.4
2019-10-18	CVE-2019-18197	Use After Free vulnerability in multiple products In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. network high complexity xmlsoft canonical debian CWE-416	5.1
2019-10-17	CVE-2019-17674	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. network low complexity wordpress debian CWE-79	5.4
2019-10-17	CVE-2019-17673	WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. network low complexity wordpress debian	5.0
2019-10-17	CVE-2019-17672	Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. network low complexity wordpress debian CWE-79	6.1
2019-10-17	CVE-2019-17671	Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. network low complexity wordpress debian CWE-200	5.3