How severe is CVE-2020-11054?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2020-11054?

This is classified as CWE-684, which is a common weakness in software security.

CVE-2020-11054

LOW Year: 2020

CVSS v3 Score

3.5

Low

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-684

View all →

Vulnerability Description

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned.

CVE-2024-5005

MEDIUM

CVSS:4.3(Medium)

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 1...

CWE-6842024

CVE-2024-8974

MEDIUM

CVSS:4.3(Medium)

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unautho...

CWE-6842024

CVE-2023-24845

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCO...

CWE-6842023

CVE-2024-50357

CRITICAL

CVSS:9.8(Critical)

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enab...

CWE-6842024

CVE-2024-6425

CRITICAL

CVSS:9.1(Critical)

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/...

CWE-6842024

CVE-2023-5363

HIGH

CVSS:7.5(High)

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ...

CWE-6842023

CVE-2020-11054

Vulnerability Description

Related Vulnerabilities

CVE-2024-5005

CVE-2024-8974

CVE-2023-24845

CVE-2024-50357

CVE-2024-6425

CVE-2023-5363