| Date | ID | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-15 | CVE-2019-6974 | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | big\-ip_access_policy_manager, big\-ip_advanced_firewall_manager, big\-ip_analytics, big\-ip_application_acceleration_manager, big\-ip_application_security_manager, big\-ip_edge_gateway, big\-ip_fraud_protection_service, big\-ip_global_traffic_manager, big\-ip_link_controller, big\-ip_local_traffic_manager, big\-ip_policy_enforcement_manager, big\-ip_webaccelerator, debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, linux_kernel, openshift_container_platform, ubuntu_linux, virtualization | 8.1 | ||
| 2019-01-24 | CVE-2019-6777 | An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. | zoneminder | 6.1 | ||
| 2019-01-24 | CVE-2019-6486 | Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. | debian_linux, go, leap | 8.2 | ||
| 2019-01-14 | CVE-2019-6257 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. | elfinder | 7.7 | ||
| 2019-01-10 | CVE-2019-5892 | bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data... | frrouting | 6.5 | ||
| 2019-01-10 | CVE-2019-5884 | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | elfinder | 5.9 | ||
| 2019-01-09 | CVE-2019-5748 | In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | server | 9.8 |
| Date | ID | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-23 | CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7201 | CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7803 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant. | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7844 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7853 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7854 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus. | N/A | N/A | ||
| 2019-05-22 | CVE-2018-7855 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus | N/A | N/A |