42.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-28	CVE-2019-5737	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. network low complexity nodejs opensuse CWE-770	7.5
2019-03-28	CVE-2019-7524	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. local low complexity dovecot debian canonical opensuse CWE-119	7.8
2019-03-27	CVE-2019-3840	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. network high complexity redhat opensuse CWE-476	6.3
2019-03-27	CVE-2019-3814	Improper Certificate Validation vulnerability in multiple products It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. network high complexity dovecot canonical opensuse CWE-295	6.8
2019-03-25	CVE-2019-3861	Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. network low complexity libssh2 debian netapp opensuse CWE-125 critical	9.1
2019-03-25	CVE-2019-3860	Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. network low complexity libssh2 debian netapp opensuse CWE-125 critical	9.1
2019-03-25	CVE-2019-3857	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. network low complexity libssh2 debian netapp opensuse redhat fedoraproject oracle CWE-190	8.8
2019-03-25	CVE-2019-3856	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. network low complexity libssh2 debian netapp opensuse redhat fedoraproject oracle CWE-190	8.8
2019-03-25	CVE-2019-3838	It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. local low complexity artifex redhat fedoraproject opensuse debian	5.5
2019-03-25	CVE-2019-3863	Out-of-bounds Write vulnerability in multiple products A flaw was found in libssh2 before 1.8.1. network low complexity libssh2 debian netapp opensuse redhat CWE-787	8.8