Skip to main content
CVE-2020-11700 MEDIUM POC This Month

An issue was discovered in Titan SpamTitan 7.07. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
7.1%
CVE-2020-13260 MEDIUM POC This Month

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secflow 1V Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-0293 MEDIUM POC This Month

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Java Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-14181 MEDIUM POC THREAT This Month

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.6%
CVE-2020-15183 MEDIUM POC PATCH This Month

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE Soycms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-0356 MEDIUM This Month

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0336 MEDIUM This Month

In SurfaceFlinger, there is possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0330 MEDIUM This Month

In iorap, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption RCE +3
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0431 MEDIUM PATCH This Month

In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0429 MEDIUM PATCH This Month

In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0403 MEDIUM This Month

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-0370 MEDIUM This Month

In libAACdec, there is a possible out of bounds read due to missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0364 MEDIUM This Month

In libDRCdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0363 MEDIUM This Month

In libmedia, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0362 MEDIUM This Month

In libstagefright, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0361 MEDIUM This Month

In libDRCdec, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0355 MEDIUM This Month

In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0353 MEDIUM This Month

In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0351 MEDIUM This Month

In libstagefright, there is possible CPU exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0340 MEDIUM This Month

In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-0332 MEDIUM This Month

In libstagefright, there is a possible dead loop due to an uncaught exception. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0324 MEDIUM This Month

In libsonivox, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0320 MEDIUM This Month

In libstagefright, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0301 MEDIUM This Month

In libstagefright, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0287 MEDIUM This Month

In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0279 MEDIUM This Month

In the AAC parser, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-0270 MEDIUM This Month

In tremolo, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-0358 MEDIUM This Month

In SurfaceFlinger, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-0428 MEDIUM This Month

In CamX code, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-25729 MEDIUM PATCH This Month

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-13944 MEDIUM PATCH This Month

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
6.1
EPSS
25.1%
CVE-2020-0379 MEDIUM PATCH This Month

In the Bluetooth service, there is a possible spoofing attack due to a logic error. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-0426 MEDIUM This Month

In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0425 MEDIUM This Month

There is a possible way to view notifications even when the "Lockdown" feature is on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0372 MEDIUM This Month

In ActivityManager, there is a possible access to protected data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0359 MEDIUM This Month

In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0352 MEDIUM This Month

In MediaProvider, there is a possible permissions bypass due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google SQLi Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0344 MEDIUM This Month

In MediaProvider, there is a possible permissions bypass due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google SQLi Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0343 MEDIUM This Month

In NetworkStatsService, there is a possible access to protected data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0337 MEDIUM This Month

In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0329 MEDIUM This Month

In the OMX encoder, there is a possible out of bounds read due to invalid input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0323 MEDIUM This Month

In libavb, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0317 MEDIUM This Month

In UsageStatsManager, there is a possible access to protected data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0314 MEDIUM This Month

In AudioService, there are missing permission checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0312 MEDIUM This Month

In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0308 MEDIUM This Month

In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0297 MEDIUM This Month

In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0296 MEDIUM This Month

In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0290 MEDIUM This Month

In PackageManager, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0289 MEDIUM This Month

In PackageManager, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy