** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 220.127.116.11, R6700 before 18.104.22.168, R6900 before 22.214.171.124, R7500v2 before 126.96.36.199, R7800 before 188.8.131.52, R9000 before 184.108.40.206, WNDR4300v2 before 220.127.116.11, and WNDR4500v3 before 18.104.22.168.
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.