Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Upon installation, Cisco Jabber registers protocol handlers for a number of different protocols. These are used to tell the operating system that whenever a user clicks on a URL containing one of the custom protocols (e.g. ciscoim:test@example.com) the URL should be passed to Cisco Jabber. In this case, the protocol handlers specify that the URL should be passed as a command line flag. These protocol handlers are vulnerable to command injection because they fail to consider URLs that contain spaces. By including a space in the URL, an attacker can inject arbitrary command line flags that will be passed to the application. Since the application uses CEF and accepts Chromium command line flags, several flags that can be used to execute arbitrary commands or load arbitrary DLLs exist. An example of such a flag is --GPU-launcher. This flag specifies a command that will be executed when CEFs GPU process is started. This vulnerability can be combined with the XSS vulnerability to achi…

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898.

Git LFS 2.12.0 allows Remote Code Execution.

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.