Main entries:
Date ID Summary Products Score Patch Annotated
2019-02-18 CVE-2019-8903 index.js in Total.js Platform before 3.2.3 allows path traversal. total\.js 7.5
2019-02-17 CVE-2019-8400 ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. hydra 6.1
2019-02-24 CVE-2019-8375 The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka... leap, ubuntu_linux, webkitgtk, webkitgtk\+ 9.8
2019-02-11 CVE-2019-7738 C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. c\.p\.sub 6.5
2019-02-05 CVE-2019-7397 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. graphicsmagick, imagemagick, leap 7.5
2019-02-04 CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. imagemagick, leap 7.5
2019-02-05 CVE-2019-7395 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. imagemagick, leap 7.5

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-05-23 CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. N/A N/A
2019-05-22 CVE-2018-7201 CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. N/A N/A
2019-05-22 CVE-2018-7803 A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant. N/A N/A
2019-05-22 CVE-2018-7844 A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. N/A N/A
2019-05-22 CVE-2018-7853 A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus N/A N/A
2019-05-22 CVE-2018-7854 A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus. N/A N/A
2019-05-22 CVE-2018-7855 A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus N/A N/A