Skip to main content
CVE-2020-5259 HIGH POC PATCH This Week

In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js RCE Code Injection Dojox
NVD GitHub
CVSS 3.1
8.6
EPSS
2.0%
CVE-2020-5258 HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection Dojo Debian Linux +8
NVD GitHub
CVSS 3.1
7.7
EPSS
4.0%
CVE-2020-0032 HIGH This Week

In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6208 HIGH This Week

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

SAP Use After Free Memory Corruption RCE Crystal Reports
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2020-5254 HIGH This Week

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Nethack
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-0085 HIGH This Week

In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0084 HIGH This Week

In several functions of NotificationManagerService.java, there are missing permission checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0054 HIGH PATCH This Week

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0051 HIGH PATCH This Week

In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

XSS Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0046 HIGH This Week

In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0069 HIGH KEV THREAT This Week

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mediatek Buffer Overflow Privilege Escalation Memory Corruption Google +29
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-0041 HIGH KEV THREAT This Week

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-0036 HIGH This Week

In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0033 HIGH This Week

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-18336 HIGH This Week

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic S7 300 Cpu Firmware Simatic S7 300 Cpu 312 Ifm Firmware Simatic S7 300 Cpu 313 Firmware Simatic S7 300 Cpu 314 Firmware +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-6209 HIGH This Week

SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Authentication Bypass Disclosure Management
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-6196 HIGH This Week

SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects Mobile
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-0062 HIGH This Week

In Euicc, there is a possible information disclosure due to an included test Certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-0083 HIGH This Week

In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0039 HIGH This Week

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-0038 HIGH This Week

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-0037 HIGH This Week

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-0034 HIGH This Week

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-0063 HIGH This Week

In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2020-6202 HIGH This Week

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy