How severe is CVE-2020-0386?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-0386?

This is classified as CWE-1021, which is a common weakness in software security.

CVE-2020-0386

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-1021

View all →

Vulnerability Description

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356

CVE-2017-0492

MEDIUM

CVSS:5.5(Medium)

An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a l...

CWE-10212017

CVE-2020-0014

MEDIUM

CVSS:5.5(Medium)

It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution pri...

CWE-10212020

CVE-2021-1038

MEDIUM

CVSS:5.5(Medium)

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. Us...

CWE-10212021

CVE-2022-20213

MEDIUM

CVSS:5.5(Medium)

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges ne...

CWE-10212022

CVE-2022-20215

MEDIUM

CVSS:5.5(Medium)

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges...

CWE-10212022

CVE-2025-31138

MEDIUM

CVSS:5.5(Medium)

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height)...

CWE-10212025

CVE-2020-0386

Vulnerability Description

Related Vulnerabilities

CVE-2017-0492

CVE-2020-0014

CVE-2021-1038

CVE-2022-20213

CVE-2022-20215

CVE-2025-31138