Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96 and Firefox ESR 91.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

Astra Linux - уязвимость в chromium

Before version 97.0.4692.99, using free after Vulkan in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

A heap buffer overflow in ANGLE in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

Before version 97.0.4692.71, using the "After Free" feature in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Task Manager of Google Chrome prior to version 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption through a crafted HTML page...

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

MiracleLinux 3 : ghostscript-8.70-6.6.0.1.AXS3 (AXSA:2012-97:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-97:01 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics...

MAL-2025-155705 Malicious code in hariyono-97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8a550238eb43b6eb18328070fcf39ca71f7dbd8aa6b8b745d6dcfb0930c84c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rita-97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1113ff87d8b246375c2f26bfcfebba0ebf286eccf6b65bebf895141e13c181d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154132 Malicious code in cinta-97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc322839eddf83cc6238ca5f5c4434326a1f07a041b8259a23085b354fad9978 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cinta-97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc322839eddf83cc6238ca5f5c4434326a1f07a041b8259a23085b354fad9978 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in billa-97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a260442344a79e904bce89ca6f59d9febd6e9f41ff94eca0041cbac948bebbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2000-0276

Malware in sbrugna...

EUVD-1999-0354

Malware in sbrugna...

EUVD-2022-27901

Malicious code in bioql PyPI...

CVE-1999-0717

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97...

CVE-1999-0354

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...

OESA-2024-1308 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin...

Adobe Lightroom Classic < 10.4 Privilege escalation (APSB21-97) (macOS)

The version of Adobe Lightroom Classic installed on the remote macOS host is prior to 10.4. It is, therefore, affected by a vulnerability as referenced in the APSB21-97 advisory. - Adobe Lightroom Classic 10.3 and earlier are affected by a privilege escalation vulnerability in the Offline Lightro...

Stable Channel Update for Desktop

The Stable and Extended stable channels has been updated to 116.0.5845.96 for Mac and Linux and 116.0.5845.96/.97 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and...