Skip to main content
CVE-2020-13851 HIGH POC THREAT Act Now

Artica Pandora FMS 7.44 allows remote command execution via the events feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
91.1%
CVE-2020-11614 HIGH POC This Week

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mids Reborn Hero Designer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-11613 HIGH POC This Week

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mids Reborn Hero Designer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12712 HIGH POC This Week

A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jobscheduler
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
7.8%
CVE-2020-13850 HIGH POC This Week

Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-12725 HIGH POC PATCH This Week

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Redash
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2020-13855 HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
27.6%
CVE-2020-13852 HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
27.6%
CVE-2020-12713 HIGH POC PATCH This Week

An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Gateway Webmail Messenger
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-12850 HIGH POC This Week

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Cells
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-0194 HIGH PATCH This Week

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0190 HIGH PATCH This Week

In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0168 HIGH PATCH This Week

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0160 HIGH PATCH This Week

In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-0131 HIGH PATCH This Week

In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-5593 HIGH This Week

Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Zenphoto
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5411 HIGH PATCH This Week

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Deserialization Spring Batch
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-0233 HIGH PATCH This Week

In main of main.cpp, there is possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0219 HIGH PATCH This Week

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Java Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0216 HIGH PATCH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0215 HIGH This Week

In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0210 HIGH PATCH This Week

In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0209 HIGH PATCH This Week

In multiple functions of AccountManager.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0208 HIGH PATCH This Week

In multiple functions of AccountManager.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0203 HIGH PATCH This Week

In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0202 HIGH PATCH This Week

In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0188 HIGH PATCH This Week

In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0183 HIGH PATCH This Week

In handleMessage of BluetoothManagerService, there is an incomplete reset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0179 HIGH PATCH This Week

In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0166 HIGH PATCH This Week

In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0155 HIGH PATCH This Week

In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0150 HIGH PATCH This Week

In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0137 HIGH PATCH This Week

In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0136 HIGH PATCH This Week

In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0129 HIGH PATCH This Week

In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-4045 HIGH PATCH This Week

SSB-DB version 20.0.0 has an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ssb Db
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13250 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Hashicorp Denial Of Service HashiCorp Consul
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-13170 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Information Disclosure HashiCorp Consul
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-12758 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Denial Of Service HashiCorp Consul
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-0214 HIGH PATCH This Week

In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-0198 HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +3
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-0181 HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-0176 HIGH PATCH This Week

In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-0142 HIGH PATCH This Week

In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-0140 HIGH PATCH This Week

In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-0128 HIGH PATCH This Week

In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-11090 HIGH PATCH This Week

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Indy Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-0133 HIGH PATCH This Week

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2020-6090 HIGH This Week

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Pfc200 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-0218 HIGH PATCH This Week

In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy