Main entries:
Date ID Summary Products Score Patch Annotated
2019-03-01 CVE-2019-9482 In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). misp 5.3
2019-03-05 CVE-2019-9213 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. debian_linux, enterprise_linux, leap, linux_kernel, ubuntu_linux 5.5
2019-02-25 CVE-2019-9162 In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. element_software_management, linux_kernel 7.8
2019-02-22 CVE-2019-9003 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. element_software_management, linux_kernel 7.5
2019-02-22 CVE-2019-9002 An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. bugs, tiny_issue 9.8
2019-02-20 CVE-2019-8953 The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. haproxy 6.1
2019-02-18 CVE-2019-8906 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file, iphone_os, leap, mac_os_x, tvos, ubuntu_linux, watchos 8.8

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-07-19 CVE-2019-13971 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. N/A N/A
2019-07-19 CVE-2019-13972 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. N/A N/A
2019-07-19 CVE-2019-13973 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. N/A N/A
2019-07-19 CVE-2019-13974 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. N/A N/A
2019-07-19 CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. N/A N/A
2019-07-19 CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. N/A N/A
2019-07-19 CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. N/A N/A