CVE-2017-9106

An issue was discovered in adns before 1.5.2. adnsrrinfo mishandles a bogus datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun depending on the sizes of the types on...

RHEL 6 : chromium-browser (RHSA-2020:2544)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 83.0.4103.97. Security Fixes:...

chromium-browser: Insufficient policy enforcement in URL formatting

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVE-2020-6481

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

DEBIAN-CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

Input validation

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

Design/Logic Flaw

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

UBUNTU-CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

UBUNTU-CVE-2020-6481

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVE-2020-6481

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVE-2020-6481

CVE-2020-6481 affects Google Chrome (and Chromium) prior to 83.0.4103.61, where insufficient policy enforcement in URL formatting can enable domain spoofing via crafted domain names. The issue is categorized as an access restriction bypass in the URL formatting path. Remediation per connected adv...

CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVE-2020-6460

CVE-2020-6460 concerns insufficient data validation in URL formatting in Chromium/Google Chrome prior to 81.0.4044.122, enabling domain spoofing via crafted domain names. Connected advisories show downstream fixes and versions: Debian/DSA-4714-1 notes Chromium updates around 83.0.4103.116 for sta...

CVE-2020-6481

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name...

Google Chrome Security Bypass Vulnerability (CNVD-2020-29297)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 83.0.4103.61, which formats URLs in a way that the program does not fully implement policies. The vulnerability can be exploited by an attacker to bypass security...

Node.js third-party modules: [windows-edge] RCE via insecure command formatting

I would like to report a RCE issue in the windows-edge module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: windows-edge version: 1.0.1 npm page: https://www.npmjs.com/package/windows-edge Module Description Launch a new Microsoft Edge tab on Windows...

Command Injection in forsigner/node-pngdefry

Overview Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0615-1 Rating: important References: 1170107 Cross-References: CVE-2020-0561 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6462 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes 5...

Node.js third-party modules: [devcert] Command Injection via insecure command formatting

I would like to report a Command Injection issue in the devcert module. It allows to execute arbitrary commands on the victim's PC. Module module name: devcert version: 1.1.0 npm page: https://www.npmjs.com/package/devcert Module Description devcert - Development SSL made easy Module Stats 276,46...