| Date | ID | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-15 | CVE-2019-6974 | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | big\-ip_access_policy_manager, big\-ip_advanced_firewall_manager, big\-ip_analytics, big\-ip_application_acceleration_manager, big\-ip_application_security_manager, big\-ip_edge_gateway, big\-ip_fraud_protection_service, big\-ip_global_traffic_manager, big\-ip_link_controller, big\-ip_local_traffic_manager, big\-ip_policy_enforcement_manager, big\-ip_webaccelerator, debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, linux_kernel, openshift_container_platform, ubuntu_linux, virtualization | 8.1 | ||
| 2019-01-24 | CVE-2019-6777 | An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. | zoneminder | 6.1 | ||
| 2019-01-24 | CVE-2019-6486 | Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. | debian_linux, go, leap | 8.2 | ||
| 2019-01-14 | CVE-2019-6257 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. | elfinder | 7.7 | ||
| 2019-01-10 | CVE-2019-5892 | bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data... | frrouting | 6.5 | ||
| 2019-01-10 | CVE-2019-5884 | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | elfinder | 5.9 | ||
| 2019-01-09 | CVE-2019-5748 | In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | server | 9.8 |
| Date | ID | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-19 | CVE-2019-13971 | OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13972 | LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13973 | LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13974 | LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13977 | index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13978 | Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | N/A | N/A | ||
| 2019-07-19 | CVE-2019-13969 | Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | N/A | N/A |