CVE-2020-15978

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page...

CVE-2020-15977

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...

CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem...

Input validation

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...

Input validation

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

Input validation

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem...

CVE-2020-16007

CVE-2020-16007 is a vulnerability in the Chromium/Google Chrome installer: insufficient data validation in the installer can allow a local attacker to elevate privileges via a crafted filesystem. Public advisories indicate the fix was shipped in Chrome/Chromium around version 86.0.4240.183 (with ...

CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem...

CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem...

CVE-2020-15983

CVE-2020-15983 affects the Chromium browser’s webUI component and is tied to insufficient data validation before version 86.0.4240.75 (ChromeOS) that could allow a local attacker to bypass content security policy with a crafted HTML page. Public advisories and vendor notes show fixes in the 86.0....

CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page...

CVE-2020-15978

CVE-2020-15978 affects Chromium/Google Chrome navigation in the renderer on Android before 86.0.4240.75. The issue is described as insufficient data validation in the navigation component, allowing a compromised renderer to bypass navigation restrictions via a crafted HTML page. Connected sources...

CVE-2020-15978

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

CVE-2020-15978

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

CVE-2020-15977

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...

CVE-2020-15977

The CVE entry CVE-2020-15977 describes an insufficient data validation issue in the dialogs component of the Chromium browser prior to 86.0.4240.75, enabling a remote attacker to potentially disclose data from disk via a crafted HTML page. Connected advisories (e.g., Arch Linux ASA-202010-1) enum...

CVE-2020-15977

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...

The vulnerability of the `var_NetworkSettingDhcpSvrRoute` function in the Moxa EDR-810 industrial router’s software allows a attacker to trigger an emergency shutdown of the device.

The vulnerability of the varNetworkSettingDhcpSvrRoute function in the Moxa EDR-810 industrial router’s microprogramming system is related to the lack of input data verification when accessing by using the OID identifier index. Exploiting this vulnerability can allow a malicious actor to trigger ...

Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59778)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. A remote code execution vulnerability exists in the handling of NEF files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...