Skip to main content
CVE-2020-25728 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reset Password
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11804 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2020-11803 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.5%
CVE-2020-11699 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2020-6116 HIGH POC THREAT This Week

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
28.4%
CVE-2020-6115 HIGH POC This Week

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-6113 HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
68.6%
CVE-2020-6112 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
17.1%
CVE-2020-25727 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reset Password
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-25490 HIGH POC This Week

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Code Injection PHP Php Microagent
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2020-24046 HIGH POC This Week

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Spamtitan
NVD GitHub
CVSS 3.1
7.2
EPSS
3.4%
CVE-2020-24045 HIGH POC This Week

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass VMware Spamtitan
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-0321 HIGH This Week

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0303 HIGH This Week

In the Media extractor, there is a possible use after free due to improper locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Google Use After Free +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-0264 HIGH This Week

In libstagefright, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0245 HIGH PATCH This Week

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-13948 HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure Superset
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-24750 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Agile Plm Application Testing Suite Autovue For Agile Product Lifecycle Management +22
NVD GitHub
CVSS 3.1
8.1
EPSS
7.3%
CVE-2020-0406 HIGH This Week

In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0375 HIGH This Week

In Telephony, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0374 HIGH This Week

In NFC, there is a possible permission bypass due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0369 HIGH This Week

In libavb, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0366 HIGH This Week

In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0360 HIGH This Week

In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0357 HIGH This Week

In SurfaceFlinger, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0346 HIGH This Week

In Mediaserver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0345 HIGH This Week

In DocumentsUI, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0341 HIGH This Week

In DisplayManager, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0306 HIGH This Week

In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0277 HIGH This Week

In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0275 HIGH This Week

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0267 HIGH This Week

In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0266 HIGH This Week

In factory reset protection, there is a possible FRP bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0130 HIGH This Week

In screencap, there is a possible command injection due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Command Injection Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0434 HIGH This Week

In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0433 HIGH PATCH This Week

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0432 HIGH PATCH This Week

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0430 HIGH This Week

In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0387 HIGH This Week

In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0401 HIGH This Week

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0394 HIGH This Week

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0392 HIGH This Week

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0391 HIGH This Week

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0388 HIGH PATCH This Week

In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0074 HIGH PATCH This Week

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0381 HIGH PATCH This Week

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Information Disclosure Integer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy