Skip to main content
CVE-2020-0561 HIGH This Week

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Software Guard Extensions Sdk Backports Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0560 HIGH This Week

Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Renesas Electronics Usb 3 0 Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3748 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Adobe Memory Corruption RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-0027 HIGH PATCH This Week

In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0026 HIGH PATCH This Week

In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0015 HIGH PATCH This Week

In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3759 HIGH PATCH This Week

Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Digital Editions
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2020-3756 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-3755 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-3753 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-3747 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-3744 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
8.9%
CVE-2020-3741 HIGH PATCH This Week

Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Denial Of Service Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-8801 HIGH This Week

SuiteCRM through 7.11.11 allows PHAR Deserialization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Suitecrm
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-0030 HIGH PATCH This Week

In binder_thread_release of binder.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-0005 MEDIUM PATCH This Month

In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0028 MEDIUM PATCH This Month

In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-0021 MEDIUM PATCH This Month

In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6973 MEDIUM This Month

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware
NVD
CVSS 3.1
6.2
EPSS
0.8%
CVE-2020-8981 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS RCE PHP Source Integration
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7051 MEDIUM This Month

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7208 MEDIUM This Month

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Linuxki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8988 MEDIUM This Month

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Voatz
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-0023 MEDIUM PATCH This Month

In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0020 MEDIUM PATCH This Month

In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0014 MEDIUM This Month

It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-8989 MEDIUM This Month

In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Voatz
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-0018 MEDIUM PATCH This Month

In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-0017 MEDIUM PATCH This Month

In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy