CVE-2018-20335
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVE-2018-20333 (asuswrt)
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVE-2019-18785
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.
CVE-2019-18782
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
CVE-2020-9343
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn’t limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested …
CVE-2019-19029 (harbor, vmware_harbor_registry)
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2020-9344 (subversion_application_lifecycle_management)
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
CVE-2019-19023 (harbor, vmware_harbor_registry)
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19026 (harbor, vmware_harbor_registry)
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19486
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.