From DHS/US-CERT's National Vulnerability Database
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run with superuser privileges.
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options...
IBM WebSphere MQ 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 9.0.1 through 9.0.5, and 126.96.36.199 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
IBM WebSphere Commerce 188.8.131.52 through 184.108.40.206 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the ...