Astra Linux - уязвимость в firefox, thunderbird

When encoding data from an inputStream in xpcom, the size of the input being encoded was not correctly calculated, potentially leading to an out-of-bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 109. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 110...

Astra Linux - уязвимость в firefox, thunderbird

When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 109 and Firefox ESR 102.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 110 and...

Astra Linux - уязвимость в firefox

When dragging and dropping an image across origins, the size of the image may be leaked. This behavior was present in version 109 and caused web compatibility issues, as well as this security concern. Therefore, this behavior was disabled until further review. This vulnerability affects Firefox...

Astra Linux - уязвимость в chromium

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had access to a race condition to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в thunderbird, firefox

Module load requests that failed were not checked to determine whether they had been cancelled, resulting in a use-after-free in ScriptLoadContext. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux - уязвимость в thunderbird, firefox

A background script that invokes requestFullscreen and then blocks the main thread could cause the browser to enter fullscreen mode indefinitely, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102....

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

PT-2025-50728

Name of the Vulnerable Software and Affected Versions cPanel versions 110 through 132 Description A directory traversal issue exists within the Team Manager API. This allows for the overwriting of arbitrary files, potentially leading to privilege escalation to the root user. Recommendations Updat...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

Malicious code in elf-stats-jolly-workshop-110 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e679d5d5a46c0d11def8bd6fecfa115c7bac04432843cdd92392a004c164ea The package elf-stats-jolly-workshop-110 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-192261 Malicious code in elf-stats-jolly-workshop-110 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e679d5d5a46c0d11def8bd6fecfa115c7bac04432843cdd92392a004c164ea The package elf-stats-jolly-workshop-110 was found to contain malicious code. Source: ossf-package-analysis...

CVE-2021-4469

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

CVE-2021-4469 Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

CVE-2021-4469 Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

PT-2025-47020

Name of the Vulnerable Software and Affected Versions Denver SHO-110 IP cameras affected versions not specified Description Denver SHO-110 IP cameras have a secondary HTTP service accessible on TCP port 8001. This service provides access to the /snapshot endpoint without requiring authentication...

Denver SHO-110 安全漏洞

The Denver SHO-110 is a wireless IP camera from Denver, Denmark. A security vulnerability exists in the Denver SHO-110 that originates from an unauthenticated HTTP service exposing a snapshot endpoint, which could lead to compromised confidentiality of the surveillance environment...

Malicious code in riyanto-110 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7757ae5f54f1702892f324f0e8c4d6b2d7c1f47330d9a3f96a2d17c9c792ef9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...