Main entries:
Date ID Summary Products Score Patch Annotated
2019-02-04 CVE-2019-7324 app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. kanboard 6.1
2019-02-01 CVE-2019-7308 kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. leap, linux_kernel, ubuntu_linux 5.6
2019-03-07 CVE-2019-7175 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. imagemagick, leap 7.5
2019-01-28 CVE-2019-6992 A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. zoneminder 6.1
2019-01-28 CVE-2019-6990 A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. zoneminder 5.4
2019-01-28 CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. debian_linux, libgd, ubuntu_linux 9.8
2019-01-26 CVE-2019-6976 libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. libvips 5.3

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-07-19 CVE-2019-13971 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. N/A N/A
2019-07-19 CVE-2019-13972 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. N/A N/A
2019-07-19 CVE-2019-13973 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. N/A N/A
2019-07-19 CVE-2019-13974 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. N/A N/A
2019-07-19 CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. N/A N/A
2019-07-19 CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. N/A N/A
2019-07-19 CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. N/A N/A