959 matches found
Astra Linux - уязвимость в chromium
A heap buffer overflow in History in Google Chrome prior to version 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 90.0.4430.212, using Autofill in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux - уязвимость в chromium
Using “after free” in Aura in Google Chrome before version 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux - уязвимость в chromium
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
Astra Linux - уязвимость в chromium
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...
EUVD-2026-19867
RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration...
CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration
RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...
MiracleLinux 4 : scsi-target-utils-1.0.4-3.AXS4.1 (AXSA:2011-90:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-90:01 advisory. The SCSI target package contains the daemon and tools to setup a SCSI targets. Currently, software iSCSI targets are supported. Security issues fixed with this...
Mozilla Firefox < 34.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 34.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-90 advisory. - jemalloc poisoning plus Apple uninitialized variable usage triggers keylogging in /tmp/ on OSX 10.10CVE-2014-1595...
Mozilla Firefox < 34.0
The version of Firefox installed on the remote Windows host is prior to 34.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-90 advisory. - jemalloc poisoning plus Apple uninitialized variable usage triggers keylogging in /tmp/ on OSX 10.10CVE-2014-1595 CVE-2014-1595...
Malicious code in billa-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7519d32e01563891863bfbe2737531af796010435515a408d467c660380f66e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitha-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713543a59bf8f4047b3f8cbe9d0ae560ddcf82bb40c4b125d082ee34acb0c01b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153744 Malicious code in billa-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7519d32e01563891863bfbe2737531af796010435515a408d467c660380f66e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14df81575168c01ed35b36b1df81922c566afb939b08d464325348bd2d779cb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68ee118bb4e39dfe6aeec7ce56d8658273ae224a12e2b220b07c0a6a0f2c6f05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155698 Malicious code in hariyono-90 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c31147643a78eebfac7a006ac9f261d5ebd155c71a031e252e7f4d02faf5c69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...