Main entries:
Date ID Summary Products Score Patch Annotated
2008-12-17 CVE-2008-5619 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. webmail N/A
2008-11-21 CVE-2008-5189 CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. ruby_on_rails N/A
2017-08-07 CVE-2006-3635 The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state. linux_kernel 5.5
2013-05-29 CVE-2002-2443 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. kerberos N/A
2018-06-08 CVE-2018-4222 There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied icloud, iphone_os, itunes, safari, tvos, ubuntu_linux, watchos 8.8
2018-04-06 CVE-2018-1000156 GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, patch, ubuntu_linux 7.8
2017-06-01 CVE-2017-8386 git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. debian_linux, fedora, git\-shell, leap, ubuntu_linux 8.8

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-07-19 CVE-2019-13971 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. N/A N/A
2019-07-19 CVE-2019-13972 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. N/A N/A
2019-07-19 CVE-2019-13973 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. N/A N/A
2019-07-19 CVE-2019-13974 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. N/A N/A
2019-07-19 CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. N/A N/A
2019-07-19 CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. N/A N/A
2019-07-19 CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. N/A N/A