CVE-2017-12187

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Source: CVE-2017-12187

CVE-2017-12186

xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Source: CVE-2017-12186

CVE-2018-1000018

An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user’s password in the log file.

Source: CVE-2018-1000018

CVE-2017-1769

IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

Source: CVE-2017-1769

CVE-2017-1000475

FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

Source: CVE-2017-1000475

CVE-2017-15718

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Source: CVE-2017-15718

CVE-2018-6187

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

Source: CVE-2018-6187

CVE-2018-6184

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

Source: CVE-2018-6184

CVE-2018-5984

SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.

Source: CVE-2018-5984

CVE-2018-5988

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.

Source: CVE-2018-5988