Main entries:
Date ID Summary Products Score Patch Annotated
2019-02-18 CVE-2019-8903 index.js in Total.js Platform before 3.2.3 allows path traversal. total\.js 7.5
2019-02-17 CVE-2019-8400 ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. hydra 6.1
2019-02-24 CVE-2019-8375 The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka... leap, ubuntu_linux, webkitgtk, webkitgtk\+ 9.8
2019-02-11 CVE-2019-7738 C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. c\.p\.sub 6.5
2019-02-05 CVE-2019-7397 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. graphicsmagick, imagemagick, leap 7.5
2019-02-04 CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. imagemagick, leap 7.5
2019-02-05 CVE-2019-7395 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. imagemagick, leap 7.5

NVD entries (unprocessed):
Date ID Summary Products Score Patch Annotated
2019-06-18 CVE-2019-12868 app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. N/A N/A
2019-06-17 CVE-2019-12865 In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. N/A N/A
2019-06-17 CVE-2017-10718 Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human... N/A N/A
2019-06-17 CVE-2017-10719 Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an... N/A N/A
2019-06-17 CVE-2017-10720 Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that... N/A N/A
2019-06-17 CVE-2017-10721 Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video... N/A N/A
2019-06-17 CVE-2017-10722 Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data... N/A N/A