Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.