CVE-2019-4579

IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.

Source: CVE-2019-4579

CVE-2020-4559

IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.

Source: CVE-2020-4559

CVE-2019-18392

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2019-18392

CVE-2019-19499

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

Source: CVE-2019-19499

CVE-2020-5625

Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Source: CVE-2020-5625

CVE-2020-5624

SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Source: CVE-2020-5624

CVE-2020-5623

NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

Source: CVE-2020-5623

CVE-2020-5621

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.

Source: CVE-2020-5621

CVE-2020-24715

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.

Source: CVE-2020-24715

CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.

Source: CVE-2020-10518