Skip to main content
CVE-2020-35381 HIGH POC PATCH This Week

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsonparser Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-35380 HIGH POC PATCH This Week

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-35471 HIGH POC PATCH This Week

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-28072 HIGH POC This Week

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Alumni Management System
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-35121 HIGH This Week

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Database Connector
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25759 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-25758 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection D-Link Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25757 HIGH This Week

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-29481 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29479 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29569 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Xen +5
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-0489 HIGH PATCH This Week

In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-35470 HIGH PATCH This Week

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-27054 HIGH PATCH This Week

In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-27052 HIGH PATCH This Week

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-27051 HIGH PATCH This Week

In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27050 HIGH PATCH This Week

In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27049 HIGH PATCH This Week

In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27048 HIGH PATCH This Week

In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27045 HIGH PATCH This Week

In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27044 HIGH PATCH This Week

In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-25712 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow X Server Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27030 HIGH This Week

In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0486 HIGH PATCH This Week

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0485 HIGH PATCH This Week

In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0480 HIGH PATCH This Week

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0479 HIGH PATCH This Week

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0478 HIGH PATCH This Week

In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0475 HIGH This Week

In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8935 HIGH PATCH This Week

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35122 HIGH This Week

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian SQLi Keysight Database Connector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-25195 HIGH This Week

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service H0 Ecom100 Firmware H2 Ecom100 Firmware H4 Ecom100 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-29487 HIGH PATCH This Week

An issue was discovered in Xen XAPI before 2020-12-15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xapi
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-27055 HIGH PATCH This Week

In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-27024 HIGH This Week

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0474 HIGH PATCH This Week

In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy