|
209661
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2020-26955
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209662
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…
|
NVD-CWE-Other
|
CVE-2020-26954
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209663
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerabilit…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-26953
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209664
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affect…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26952
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209665
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privilege…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26951
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209666
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox …
|
CWE-416
Use After Free
|
CVE-2020-26950
|
2024-11-21 14:20 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209667
|
8.8 |
HIGH
Network
|
katacontainers
|
kata_containers
|
An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted acc…
|
NVD-CWE-noinfo
|
CVE-2020-27151
|
2024-11-21 14:20 |
2020-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209668
|
9.8 |
CRITICAL
Network
|
edimax
|
ic-3116w_firmware
ic-3140w_firmware
|
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafte…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26762
|
2024-11-21 14:20 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209669
|
4.8 |
MEDIUM
Network
|
eclipse
netapp
oracle
apache
debian
|
jetty
snap_creator_framework
oncommand_system_manager
flexcube_private_banking
communications_offline_mediation_controller
communications_services_gatekeeper
communications_pricing_…
|
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients…
|
NVD-CWE-noinfo
|
CVE-2020-27218
|
2024-11-21 14:20 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209670
|
8.8 |
HIGH
Network
|
cloudera
|
data_engineering
|
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2020-26936
|
2024-11-21 14:20 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
