High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-11007	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. network low complexity graphicsmagick opensuse debian canonical CWE-125	8.1
2019-04-07	CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. network low complexity palletsprojects fedoraproject canonical redhat opensuse	8.6
2019-04-03	CVE-2018-20506	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). network high complexity sqlite apple opensuse CWE-190	8.1
2019-04-01	CVE-2019-3836	Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. network low complexity gnu fedoraproject opensuse CWE-824	7.5
2019-03-28	CVE-2019-5739	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. network low complexity nodejs opensuse CWE-770	7.5
2019-03-28	CVE-2019-5737	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. network low complexity nodejs opensuse CWE-770	7.5
2019-03-28	CVE-2019-7524	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. local low complexity dovecot debian canonical opensuse CWE-119	7.8
2019-03-27	CVE-2018-12180	Out-of-bounds Write vulnerability in multiple products Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. network low complexity tianocore opensuse CWE-787	8.8
2019-03-27	CVE-2019-5419	Allocation of Resources Without Limits or Throttling vulnerability in multiple products There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. network low complexity rubyonrails debian redhat opensuse fedoraproject CWE-770	7.5
2019-03-27	CVE-2019-5418	There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. network low complexity rubyonrails debian redhat opensuse fedoraproject	7.5