350 advisories tracked · Red Hat Security Data API + Ubuntu Security Notices · checked automatically every minute
Pick your distribution release to see every advisory issued for it and its severity mix. Fixes ship as errata — keep the system patched. This is the release's advisory history, not a per-package scan.
Red Hat Security Data API + Ubuntu Security Notices
Combines Red Hat Enterprise Linux errata (RHSA) via the official Red Hat Security Data API — CVE severity, CVSS and affected packages — with Ubuntu Security Notices (USN) via ubuntu.com's public API (affected releases + CVEs). Both are credential-free official sources.
Visit Red Hat & Ubuntu Linux security advisoriesA flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data. A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data. This is an Important security flaw in the HPLIP hpcups component, where HPLIP is vulnerable to integer overflow when processing crafted print data. A remote attacker who can submit print job content to the hpcups filter path may achieve arbitrary code execution or privilege escalation within user used for starting filters (user 'lp' by default) on systems using HPLIP for printing. Red Hat severity: Important — CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-190. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Authentication bypass due to improper input neutralization. Red Hat rates this critical (CVSS 9.1). Weakness: CWE-140. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) An use after free flaw was found in the AdFilter component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=522561151 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-825. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) An use after free flaw was found in the WebGL component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=523591974 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Critical — CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-825. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /[remote:path]/object. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during initialization. As a result, a single unauthenticated GET or HEAD request can execute a command as the rclone process user. This vulnerability is fixed in 1.74.3. A flaw was found in Rclone, a command-line program for cloud storage synchronization. When the `rcd --rc-serve` option is enabled, an unauthenticated remote attacker can send specially crafted GET or HEAD requests to execute arbitrary commands as the Rclone process user. This vulnerability allows for remote code execution, potentially compromising the system where Rclone is running. OpenShift API for Data Protection (OADP) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) do not run rclone rcd --rc-serve with an unauthenticated RC listener. OADP relies on Restic (rclone serve restic --stdio) and Kopia (WebDAV serve with RC authentication), while RHACM VolSync uses rclone sync/copy or only compile-time dependencies. Red Hat severity: Important — CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-78. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0. A flaw was found in docling. An attacker could exploit an XML External Entity (XXE) vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause a denial of service by consuming system resources through entity expansion. This is an Important vulnerability in docling, as shipped with Red Hat OpenShift AI, due to an XML External Entity (XXE) flaw in its USPTO patent XML parser. An attacker could exploit this by providing specially crafted XML files, leading to unauthorized access to local files, Server-Side Request Forgery (SSRF), or denial of service. The broad impact on data confidentiality and system availability elevates this to an Important severity. Red Hat severity: Important — CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H). Weakness: CWE-611. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact, case-sensitive lookup on the SNI value, which fails to match wildcard host patterns (e.g., *.example.com) or case variants of the configured hostname. Because the handshake falls back to the default TLS configuration — which may not require client certificates — a client can complete the QUIC handshake without presenting a certificate, while the subsequent HTTP routing layer still dispatches the request to a backend protected by a router-specific mTLS policy. The issue affects deployments where HTTP/3 is enabled, a router uses a wildcard Host rule or case-insensitive hostname matching, a router-specific TLSOptions enforces client certificate authentication, and UDP access to the entrypoint is reachable by an attacker. This vulnerability is fixed in 3.7.3. A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security (mTLS) enforcement. When HTTP/3 is enabled and a router uses wildcard host rules or case-insensitive hostname matching with client certificate authentication, an attacker can complete the QUIC handshake without presenting a certificate. This bypass grants unauthorized access to a backend that should be protected by mTLS. This Important flaw in Traefik, as shipped in Red Hat OpenShift Dev Spaces, allows unauthenticated clients to bypass mutual TLS (mTLS) enforcement when HTTP/3 (QUIC) is enabled. An attacker can gain unauthorized access to mTLS-protected backends if the Traefik router uses wildcard host rules or case-insensitive hostname matching, circumventing expected client certificate authentication. Red Hat severity: Important — CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-289. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host(*.example.com) with stricter TLS options (for example RequireAndVerifyClientCert), SNICheck resolves the TLS options for the HTTP Host header using exact map lookups only and never applies wildcard matching. If another permissive SNI is served on the same entrypoint, an attacker can complete the TLS handshake under the permissive options and then send an HTTP Host header targeting the wildcard-protected backend, reaching it without presenting a client certificate. This affects the regular HTTPS / HTTP-2 path and does not require HTTP/3. This vulnerability is fixed in 3.7.3. A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security (TLS) enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's domain-fronting protection (SNICheck), which incorrectly processes TLS options for HTTP Host headers. As a result, an attacker can gain unauthorized access to protected backend services without presenting a required client certificate. This is an Important flaw in Traefik that allows an unauthenticated client to bypass mutual TLS authentication. The vulnerability arises from an issue in Traefik's domain-fronting protection when specific wildcard host rules with strict TLS options are used alongside permissive SNI configurations on the same entrypoint. This bypass enables unauthorized access to protected backend services, undermining critical access controls. Red Hat severity: Important — CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-807. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing .. or its percent-encoded form %2e%2e can match the public route at routing time and then, after the prefix is stripped and the path is normalized, resolve to a path served by a separate, authenticated router. As a result, an attacker can reach protected backend paths — such as admin or internal configuration endpoints — without satisfying the authentication middleware attached to the protected router. This vulnerability is fixed in 2.11.48, 3.6.19, and 3.7.3. A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the StripPrefix middleware, allowing an unauthenticated attacker to bypass route-level authentication and authorization. By crafting a request path containing '..' or its percent-encoded form, an attacker can access protected backend paths, such as administrative or internal configuration endpoints, without proper authentication. This could lead to unauthorized information disclosure or modification of sensitive settings. This is an Important authentication bypass flaw in Traefik's StripPrefix middleware, affecting Red Hat OpenShift Dev Spaces. An unauthenticated remote attacker can exploit this by crafting a specific request path, gaining access to protected backend resources like administrative or internal configuration endpoints. This could lead to unauthorized information disclosure or modification of sensitive settings. Red Hat severity: Important — CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-22. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys. A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys. Red Hat severity: Critical — CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N). Weakness: CWE-862. Fixed by RHSA-2026:28376, RHSA-2026:28377, RHSA-2026:28497, RHSA-2026:28492 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat Ansible Automation Platform 2.5; Red Hat Ansible Automation Platform 2.6.
vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing the configured VLLM_API_KEY or --api-key. This vulnerability is fixed in 0.22.0. A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations. CVE-2026-48746 is an authentication bypass in the vLLM OpenAI-compatible API server. A remote attacker who can reach the vLLM endpoint directly can craft a Host header so the authentication middleware checks a different URL path than the one actually dispatched, bypassing VLLM_API_KEY / --api-key protection. Successful exploitation allows unauthorized inference API access, which can result in confidentiality loss (model/prompt abuse) and availability impact (resource exhaustion). The flaw does not provide integrity compromise or arbitrary code execution. Exploitation requires vLLM API-key authentication to be enabled and the service to be exposed without an RFC-conforming reverse proxy that normalizes the Host header. Because Red Hat AI inference offerings are commonly deployed behind OpenShift Routes or similar proxies, and because the vulnerability is conditional on deployment and configuration, the overall flaw impact is rated Important rather than Critical. Red Hat severity: Important — CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Weakness: CWE-501. Fixed by RHSA-2026:30088, RHSA-2026:30089 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat AI Inference Server 3.3. Will not fix / out of support: Red Hat Ansible Automation Platform 2.
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20. A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter's default non-sanitizing behavior, allows a notebook containing an HTML payload to trigger a stored Cross-Site Scripting (XSS) vulnerability. A remote attacker could exploit this to gain cookie access, full API authority, and achieve kernel Remote Code Execution (RCE). Red Hat severity: Important — CVSS 9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-79. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][<trans_id>]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session. The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle payload, which in turn requires both (a) knowledge of pgAdmin's Flask SECRET_KEY (no chain to leak it is described here -- the attacker must already possess it) and (b) write access to pgAdmin's sessions/ directory on the host. Neither precondition is granted by this defect on its own. When those preconditions are met from another channel (misconfigured deployment, prior compromise, leaked configuration), the missing auth gate is the final hop that turns an existing partial compromise into unauthenticated code execution in the pgAdmin process -- and, by extension, on the host under whatever account runs pgAdmin. Fix is a one-line @pga_login_required decorator on each of the two endpoints, matching the convention used by every other route in the module. The is_authenticated / MFA chain now runs before the trans_id is dereferenced, so an unauthenticated request is rejected before reaching the deserialization path. The defect is server-mode only. In DESKTOP mode pgAdmin's before_request hook re-authenticates DESKTOP_USER on every request, so no endpoint can be exercised in an unauthenticated state and no auth decorator (or its absence) is meaningful. The accompanying regression test mirrors the attacker's path -- harvests an X-pgA-CSRFToken from GET /login and replays it against both endpoints -- and self-skips outside server mode for that reason; it is wired into the existing server-mode CI workflow alongside the data-isolation tests. This issue affects pgAdmin 4: from 6.9 before 9.16. A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRET_KEY and write access to the sessions directory, this vulnerability could enable unauthenticated remote code execution on the server. This issue primarily affects pgAdmin 4 deployments in server mode. This is an Important flaw in pgAdmin 4, as it could lead to unauthenticated remote code execution on the server. However, successful exploitation requires an attacker to already possess the Flask SECRET_KEY and have write access to the pgAdmin sessions directory, which significantly raises the bar for exploitation and implies a prior compromise or misconfiguration. This vulnerability is specific to pgAdmin 4 deployments operating in server mode. Red Hat severity: Important — CVSS 9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-306. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's execute_sql_query tool runs LLM-generated SQL inside a BEGIN TRANSACTION READ ONLY wrapper to prevent data modification. The LLM-supplied query was forwarded to the database driver without restriction to a single statement or to read-only verbs, so a multi-statement payload beginning with COMMIT, END, ROLLBACK, or ABORT terminated the read-only transaction and ran subsequent statements in autocommit mode. The trailing ROLLBACK then had no effect. Delivery is via prompt injection: an attacker who can write content into any object the AI Assistant may inspect (a row, a column value, a comment) can cause the LLM to emit the multi-statement payload as a tool call. With ordinary write privileges on the pgAdmin user's role the attacker can perform unauthorised data modification. When the pgAdmin user's role is a PostgreSQL superuser or holds pg_execute_server_program, the chain extends to remote code execution on the database server host via COPY ... TO PROGRAM. Fix validates the LLM-supplied query up front: it must parse to exactly one non-empty / non-comment statement whose leading real token (after stripping whitespace, comments, and punctuation) is one of SELECT, WITH, EXPLAIN, SHOW, VALUES, or TABLE. Transaction-control verbs, DML, DDL, CALL, COPY, DO, SET/RESET, and everything else are rejected before any database work happens. PostgreSQL's READ ONLY mode continues to backstop data-modifying CTEs, EXPLAIN ANALYZE on writes, and volatile side effects. This issue affects pgAdmin 4: from 9.13 before 9.16. A flaw was found in the pgAdmin 4 AI Assistant. An attacker with the ability to influence database content that the assistant reads can exploit a transaction bypass vulnerability through prompt injection. This allows the attacker to execute arbitrary SQL queries with the privileges of the pgAdmin user's database role. If the pgAdmin user has superuser privileges, this can lead to remote code execution on the database server. This Important flaw in the pgAdmin 4 AI Assistant allows an attacker to bypass read-only transaction protections through prompt injection. By influencing database content that the assistant reads, an attacker can execute arbitrary SQL queries with the privileges of the pgAdmin user's database role. This can escalate to remote code execution on the database server if the pgAdmin user holds superuser privileges, posing a significant risk to data integrity and system control. Red Hat severity: Important — CVSS 9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-89. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
elixir-grpc grpc: Remote Code Execution and Denial of Service via Deserialization of Untrusted Data. Red Hat rates this critical (CVSS 9.8). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via global system variable manipulation by a high-privileged user. Red Hat rates this important (CVSS 9.1). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via improper parameter validation during SST. Red Hat rates this important (CVSS 9.1). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string(). Red Hat rates this important (CVSS 9.1). Weakness: CWE-89. Affected package(s): mariadb10.11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11, mariadb-connector-c-main. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Arbitrary shell command execution via improper sanitization in CONNECT engine. Red Hat rates this important (CVSS 9.9). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via wsrep_notify_cmd. Red Hat rates this important (CVSS 9). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
AES-OCB IV Ignored on EVP_Cipher() Path. Red Hat rates this moderate (CVSS 9.1). Weakness: CWE-1204. Affected package(s): insights-proxy/insights-proxy-container-rhel9:1782890503, rhui5/haproxy-rhel9:1781525671, openssl, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:29197 — update the affected packages (`sudo dnf update`).
Insufficient validation of untrusted input in UI. Red Hat rates this important (CVSS 9.6). Weakness: CWE-1286. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in PDF. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Web Apps. Red Hat rates this important (CVSS 9). Weakness: CWE-1341. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Bluetooth. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in ServiceWorker. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Extensions. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Proxy. Red Hat rates this important (CVSS 9.8). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Printing. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in CameraCapture. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Navigation. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Views. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Out of bounds memory access in V8. Red Hat rates this important (CVSS 9.6). Weakness: CWE-125. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Payments. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in WebCodecs. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Gamepad. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Skia. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Integer overflow in libyuv. Red Hat rates this important (CVSS 9). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in Codecs. Red Hat rates this important (CVSS 9). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Insufficient validation of untrusted input in New Tab Page. Red Hat rates this important (CVSS 9). Weakness: CWE-79. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.