Debian: >> Debian Linux Security Vulnerabilities
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-09-11
WordPress before 5.2.3 allows reflected XSS in the dashboard.
CVSS Score
6.1
EPSS Score
0.018
Published
2019-09-11
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.022
Published
2019-09-11
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
CVSS Score
5.4
EPSS Score
0.052
Published
2019-09-11
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
CVSS Score
6.1
EPSS Score
0.015
Published
2019-09-11
WordPress before 5.2.3 allows XSS in stored comments.
CVSS Score
6.1
EPSS Score
0.018
Published
2019-09-11
WordPress before 5.2.3 allows XSS in shortcode previews.
CVSS Score
6.1
EPSS Score
0.019
Published
2019-09-11
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
CVSS Score
6.1
EPSS Score
0.025
Published
2019-09-11
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
CVSS Score
7.5
EPSS Score
0.028
Published
2019-09-09
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVSS Score
5.5
EPSS Score
0.015
Published
2019-09-09