CVE-2019-4651

IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.

Source: CVE-2019-4651

CVE-2020-1787

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user’s desktop in an instant, without unlocking the screen lock of the host user.

Source: CVE-2020-1787

CVE-2020-1826

Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information.

Source: CVE-2020-1826

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.

Source: CVE-2019-14920

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device.

Source: CVE-2019-14919

CVE-2019-14918

XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp.

Source: CVE-2019-14918

CVE-2019-20224

netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.

Source: CVE-2019-20224

CVE-2019-11981

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11984. Reason: This candidate is a duplicate of CVE-2019-11984. Notes: All CVE users should reference CVE-2019-11984 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2019-11981

CVE-2018-18514

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

Source: CVE-2018-18514

CVE-2018-18516

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

Source: CVE-2018-18516