Total
34582 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26976 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. | |||||
| CVE-2020-26975 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. | |||||
| CVE-2020-26973 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-26967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26964 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26963 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26961 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26943 | 1 Openstack | 1 Blazar-dashboard | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | |||||
| CVE-2020-26931 | 1 Netgear | 6 Wc7500, Wc7500 Firmware, Wc7600 and 3 more | 2024-11-21 | 3.3 LOW | 5.9 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | |||||
| CVE-2020-26928 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26927 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-26926 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 5.8 MEDIUM | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26925 | 1 Netgear | 2 Gs808e, Gs808e Firmware | 2024-11-21 | 2.1 LOW | 3.2 LOW |
| NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. | |||||
| CVE-2020-26924 | 1 Netgear | 4 Wac720, Wac720 Firmware, Wac730 and 1 more | 2024-11-21 | 3.3 LOW | 3.1 LOW |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | |||||
| CVE-2020-26906 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26905 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26904 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26903 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26901 | 1 Netgear | 12 Rbk752, Rbk752 Firmware, Rbk852 and 9 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2020-26900 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||