Skip to main content
CVE-2020-6087 HIGH POC This Week

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rockwell Denial Of Service Flex I O 1794 Aent B Firmware
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-6086 HIGH POC This Week

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rockwell Denial Of Service Flex I O 1794 Aent B Firmware
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-6083 HIGH POC This Week

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rockwell Denial Of Service Allen Bradley Flex Io 1794 Aent B Firmware
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-8349 CRITICAL Act Now

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Cloud Networking Operating System
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-15229 CRITICAL PATCH Act Now

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Singularity Backports Sle Leap
NVD GitHub
CVSS 3.1
9.3
EPSS
2.0%
CVE-2020-0376 CRITICAL Act Now

There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2020-0371 CRITICAL Act Now

There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2020-0367 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-0339 CRITICAL Act Now

There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2020-0283 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-8350 HIGH This Week

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Authentication Bypass Thinkpad Stack Wireless Router Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-15253 MEDIUM POC PATCH This Month

Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grocy
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.2%
CVE-2020-9746 HIGH This Week

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Null Pointer Dereference Denial Of Service Flash Player
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-0416 HIGH PATCH This Week

In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-7330 HIGH This Week

Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-7318 MEDIUM POC This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-7383 HIGH This Week

A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexpose
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-8345 HIGH This Week

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Hardware Scan
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8338 HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure Diagnostics
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3427 HIGH This Week

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Duo Authentication For Windows Logon And Rdp
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0423 HIGH This Week

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0421 HIGH PATCH This Week

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0420 HIGH PATCH This Week

In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0408 HIGH This Week

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-25188 HIGH This Week

An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure SCADA
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-0413 HIGH PATCH This Week

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-0377 HIGH This Week

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-15224 MEDIUM PATCH This Month

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Openenclave
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-0414 MEDIUM PATCH This Month

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-0411 MEDIUM PATCH This Month

In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8332 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM Bladecenter Hs23 Firmware Bladecenter Hs23E Firmware +16
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-3483 MEDIUM PATCH This Month

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. Rated medium severity (CVSS 6.3).

Information Disclosure Duo Network Gateway
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2020-24188 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intrexx
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24551 MEDIUM This Month

IProom MMC+ Server login page does not validate specific parameters properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mmc
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25778 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-0415 MEDIUM PATCH This Month

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-6933 MEDIUM PATCH This Month

An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Unified Endpoint Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0419 MEDIUM PATCH This Month

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0410 MEDIUM PATCH This Month

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0400 MEDIUM This Month

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0398 MEDIUM This Month

In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0378 MEDIUM This Month

In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0246 MEDIUM This Month

In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4395 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager Appliance
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25777 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-27013 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-7317 MEDIUM This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList". Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2020-0422 LOW PATCH Monitor

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-0412 LOW PATCH Monitor

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-25824 LOW Monitor

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Telegram Desktop
NVD GitHub
CVSS 3.1
2.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy