Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-23	CVE-2019-16710	Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. network imagemagick debian opensuse canonical CWE-401	4.3
2019-09-23	CVE-2019-16708	Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. network imagemagick canonical opensuse debian CWE-401	4.3
2019-09-19	CVE-2019-11779	Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. network low complexity eclipse canonical opensuse fedoraproject debian CWE-674	6.5
2019-09-17	CVE-2019-16394	Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. network low complexity spip debian canonical CWE-203	5.0
2019-09-17	CVE-2019-16393	Open Redirect vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. network low complexity spip debian canonical CWE-601	6.1
2019-09-17	CVE-2019-16392	Cross-site Scripting vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. network low complexity spip debian canonical CWE-79	6.1
2019-09-17	CVE-2019-16391	SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. network low complexity spip debian canonical	6.5
2019-09-16	CVE-2018-21016	Out-of-bounds Read vulnerability in multiple products audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. network low complexity gpac debian CWE-125	6.5
2019-09-16	CVE-2018-21015	NULL Pointer Dereference vulnerability in multiple products AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. network low complexity gpac debian CWE-476	6.5
2019-09-12	CVE-2019-16275	Origin Validation Error vulnerability in multiple products hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. low complexity w1-fi debian canonical CWE-346	6.5