From DHS/US-CERT's National Vulnerability Database
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options...
IBM WebSphere MQ 220.127.116.11 through 18.104.22.168, 22.214.171.124 through 126.96.36.199, 9.0.1 through 9.0.5, and 188.8.131.52 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
IBM WebSphere Commerce 184.108.40.206 through 220.127.116.11 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.