Skip to main content
CVE-2020-12714 MEDIUM POC PATCH This Month

An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gateway Webmail Messenger
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-13853 MEDIUM POC This Month

Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-0164 MEDIUM POC This Month

In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-0186 MEDIUM PATCH This Month

In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0165 MEDIUM PATCH This Month

In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0153 MEDIUM PATCH This Month

In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0124 MEDIUM PATCH This Month

In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0213 MEDIUM This Month

In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-0212 MEDIUM PATCH This Month

In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0211 MEDIUM PATCH This Month

In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0207 MEDIUM PATCH This Month

In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0205 MEDIUM PATCH This Month

In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0200 MEDIUM PATCH This Month

In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0196 MEDIUM PATCH This Month

In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-0195 MEDIUM PATCH This Month

In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0193 MEDIUM PATCH This Month

In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0192 MEDIUM PATCH This Month

In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0191 MEDIUM PATCH This Month

In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0189 MEDIUM PATCH This Month

In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0184 MEDIUM PATCH This Month

In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0182 MEDIUM PATCH This Month

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-0180 MEDIUM PATCH This Month

In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0175 MEDIUM PATCH This Month

In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0174 MEDIUM PATCH This Month

In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0173 MEDIUM PATCH This Month

In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0172 MEDIUM PATCH This Month

In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0171 MEDIUM PATCH This Month

In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0170 MEDIUM PATCH This Month

In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0169 MEDIUM PATCH This Month

In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0163 MEDIUM PATCH This Month

In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0162 MEDIUM PATCH This Month

In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0161 MEDIUM PATCH This Month

In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0127 MEDIUM PATCH This Month

In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0126 MEDIUM PATCH This Month

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition RCE Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-5592 MEDIUM This Month

Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zenphoto
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-0206 MEDIUM PATCH This Month

In the settings app, there is a possible app crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0197 MEDIUM PATCH This Month

In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0187 MEDIUM PATCH This Month

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0185 MEDIUM PATCH This Month

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0178 MEDIUM PATCH This Month

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0177 MEDIUM PATCH This Month

In connect() of PanService.java, there is a possible permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0167 MEDIUM PATCH This Month

In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-0159 MEDIUM PATCH This Month

In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0156 MEDIUM PATCH This Month

In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0134 MEDIUM PATCH This Month

In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0132 MEDIUM PATCH This Month

In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Deserialization Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4380 MEDIUM This Month

IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Workload Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-12797 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Information Disclosure HashiCorp Consul
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-13998 MEDIUM This Month

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-0157 MEDIUM PATCH This Month

In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy