CVE-2018-7047
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
Source: CVE-2018-7047
CVE-2017-18209
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
Source: CVE-2017-18209
CVE-2017-9274
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
Source: CVE-2017-9274
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
Source: CVE-2017-9286
CVE-2017-7426
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
Source: CVE-2017-7426
CVE-2017-14799
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
Source: CVE-2017-14799
CVE-2017-7435
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Source: CVE-2017-7435
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Source: CVE-2017-14804
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Source: CVE-2017-9271
CVE-2017-9270
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.
Source: CVE-2017-9270