498 topics marked with the following tags:
Displaying 111-120 of 498
Attacker Value
Very High
Multiple vulnerabilities in HP Device Manager
Last updated October 06, 2020
HP published an advisory for three vulnerabilities in its Device Manager software, which lets IT admins remotely manage HP thin clients. CVEs included in the advisory are CVE-2020-6925 (weak cipher), CVE-2020-6926 (remote method invocation), and CVE-2020-6927 (local privilege escalation). Some of these vulnerabilities can be chained together to allow an unauthenticated, remote attacker to gain local SYSTEM privileges on a vulnerable target.
HP advisory: https://support.hp.com/us-en/document/c06921908
3
Attacker Value
Very High
CVE-2024-29510
Disclosure Date: July 03, 2024 (last updated July 04, 2024)
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
2
Attacker Value
Low
CVE-2020-0791
Disclosure Date: March 12, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898.
0
Attacker Value
Very High
CVE-2020-3430
Disclosure Date: September 04, 2020 (last updated November 08, 2023)
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.
0
Attacker Value
Low
CVE-2020-0605
Disclosure Date: January 14, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
0
Attacker Value
Moderate
CVE-2020-5284
Disclosure Date: March 30, 2020 (last updated October 06, 2023)
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
1
Attacker Value
High
CVE-2022-22956
Disclosure Date: April 13, 2022 (last updated October 07, 2023)
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
3
Attacker Value
Very High
Insecure RDP
Last updated October 09, 2020
There are active attack campaigns as of October 2020 targeting RDP servers without multi-factor authentication enabled.
8
Attacker Value
Moderate
CVE-2019-8903
Disclosure Date: February 18, 2019 (last updated October 06, 2023)
index.js in Total.js Platform before 3.2.3 allows path traversal.
1
Attacker Value
Low
CVE-2022-21839
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
1