Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-1787	Out-of-bounds Read vulnerability in multiple products A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. local low complexity clamav debian opensuse CWE-125	5.5
2019-04-08	CVE-2019-11010	Memory Leak vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. network low complexity graphicsmagick debian opensuse CWE-401	6.5
2019-04-07	CVE-2019-10732	Cleartext Transmission of Sensitive Information vulnerability in multiple products In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. network low complexity kde debian CWE-319	4.3
2019-04-06	CVE-2019-10904	Cross-site Scripting vulnerability in multiple products Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. network low complexity debian roundup-tracker CWE-79	6.1
2019-04-05	CVE-2019-10868	Missing Authorization vulnerability in multiple products In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. network low complexity tryton debian CWE-862	6.5
2019-03-30	CVE-2019-10649	Memory Leak vulnerability in multiple products In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. local low complexity imagemagick debian canonical CWE-401	5.5
2019-03-26	CVE-2019-6341	Cross-site Scripting vulnerability in multiple products In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. network low complexity drupal debian fedoraproject CWE-79	5.4
2019-03-25	CVE-2019-3874	The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. low complexity linux debian redhat canonical netapp	6.5
2019-03-25	CVE-2019-3838	It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. local low complexity artifex redhat fedoraproject opensuse debian	5.5
2019-03-25	CVE-2019-3835	Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. local low complexity artifex redhat fedoraproject debian opensuse CWE-862	5.5