Main entries:
Date ID Summary Products Score Patch Annotated
2019-02-15 CVE-2019-6974 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. big\-ip_access_policy_manager, big\-ip_advanced_firewall_manager, big\-ip_analytics, big\-ip_application_acceleration_manager, big\-ip_application_security_manager, big\-ip_edge_gateway, big\-ip_fraud_protection_service, big\-ip_global_traffic_manager, big\-ip_link_controller, big\-ip_local_traffic_manager, big\-ip_policy_enforcement_manager, big\-ip_webaccelerator, debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, linux_kernel, openshift_container_platform, ubuntu_linux, virtualization 8.1
2019-01-24 CVE-2019-6777 An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. zoneminder 6.1
2019-01-24 CVE-2019-6486 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. debian_linux, go, leap 8.2
2019-01-14 CVE-2019-6257 A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. elfinder 7.7
2019-01-10 CVE-2019-5892 bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data... frrouting 6.5
2019-01-10 CVE-2019-5884 php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. elfinder 5.9
2019-01-09 CVE-2019-5748 In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. server 9.8

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-07-19 CVE-2019-13971 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. N/A N/A
2019-07-19 CVE-2019-13972 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. N/A N/A
2019-07-19 CVE-2019-13973 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. N/A N/A
2019-07-19 CVE-2019-13974 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. N/A N/A
2019-07-19 CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. N/A N/A
2019-07-19 CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. N/A N/A
2019-07-19 CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. N/A N/A