Main entries:
Date ID Summary Products Score Patch Annotated
2019-02-04 CVE-2019-7324 app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. kanboard 6.1
2019-02-01 CVE-2019-7308 kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. leap, linux_kernel, ubuntu_linux 5.6
2019-03-07 CVE-2019-7175 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. imagemagick, leap 7.5
2019-01-28 CVE-2019-6992 A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. zoneminder 6.1
2019-01-28 CVE-2019-6990 A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. zoneminder 5.4
2019-01-28 CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. debian_linux, libgd, ubuntu_linux 9.8
2019-01-26 CVE-2019-6976 libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. libvips 5.3

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-05-23 CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. N/A N/A
2019-05-22 CVE-2018-7201 CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. N/A N/A
2019-05-22 CVE-2018-7803 A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant. N/A N/A
2019-05-22 CVE-2018-7844 A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. N/A N/A
2019-05-22 CVE-2018-7853 A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus N/A N/A
2019-05-22 CVE-2018-7854 A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus. N/A N/A
2019-05-22 CVE-2018-7855 A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus N/A N/A