Aggregator

chromium-148.0.7778.215-1.fc44

Fedora Security Advisories
13 hours 12 minutes ago
FEDORA-2026-a688180654 Packages in this update:
  • chromium-148.0.7778.215-1.fc44
Update description:

Update to 148.0.7778.215

  • CVE-2026-9872: Out of bounds write in GPU
  • CVE-2026-9873: Use after free in Network
  • CVE-2026-9874: Use after free in Dawn
  • CVE-2026-9875: Out of bounds read in WebGL
  • CVE-2026-9876: Use after free in WebGL
  • CVE-2026-9877: Use after free in ANGLE
  • CVE-2026-9878: Use after free in ANGLE
  • CVE-2026-9879: Out of bounds write in ANGLE
  • CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  • CVE-2026-9881: Use after free in Bluetooth
  • CVE-2026-9882: Integer overflow in ANGLE
  • CVE-2026-9883: Use after free in Base
  • CVE-2026-9884: Use after free in Browser
  • CVE-2026-9885: Insufficient validation of untrusted input in UI
  • CVE-2026-9886: Use after free in Base
  • CVE-2026-9887: Use after free in Proxy
  • CVE-2026-9888: Use after free in WebView
  • CVE-2026-9889: Out of bounds read and write in Dawn
  • CVE-2026-9890: Use after free in XR
  • CVE-2026-9891: Use after free in Extensions
  • CVE-2026-9892: Inappropriate implementation in Skia
  • CVE-2026-9893: Use after free in Skia
  • CVE-2026-9894: Use after free in GPU
  • CVE-2026-9895: Out of bounds read in GPU
  • CVE-2026-9896: Out of bounds write in V8
  • CVE-2026-9897: Use after free in DOM
  • CVE-2026-9898: Insufficient validation of untrusted input in GPU
  • CVE-2026-9899: Use after free in ANGLE
  • CVE-2026-9900: Out of bounds write in ANGLE
  • CVE-2026-9901: Use after free in ANGLE
  • CVE-2026-9902: Use after free in Accessibility
  • CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  • CVE-2026-9904: Use after free in ANGLE
  • CVE-2026-9905: Use after free in Accessibility
  • CVE-2026-9906: Out of bounds write in GPU
  • CVE-2026-9907: Out of bounds read in Dawn
  • CVE-2026-9908: Out of bounds read in ANGLE
  • CVE-2026-9909: Integer overflow in Skia
  • CVE-2026-9910: Out of bounds memory access in ANGLE
  • CVE-2026-9911: Integer overflow in ANGLE
  • CVE-2026-9912: Inappropriate implementation in GPU
  • CVE-2026-9913: Inappropriate implementation in ANGLE
  • CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9915: Heap buffer overflow in ANGLE
  • CVE-2026-9916: Out of bounds write in ANGLE
  • CVE-2026-9917: Uninitialized Use in WebGL
  • CVE-2026-9918: Inappropriate implementation in Tint
  • CVE-2026-9919: Out of bounds read in WebGL
  • CVE-2026-9920: Uninitialized Use in GPU
  • CVE-2026-9921: Uninitialized Use in WebGL
  • CVE-2026-9922: Use after free in GPU
  • CVE-2026-9923: Use after free in Skia
  • CVE-2026-9924: Heap buffer overflow in ANGLE
  • CVE-2026-9925: Use after free in ANGLE
  • CVE-2026-9926: Heap buffer overflow in ANGLE
  • CVE-2026-9927: Use after free in ANGLE
  • CVE-2026-9928: Out of bounds read in ANGLE
  • CVE-2026-9929: Inappropriate implementation in WebGL
  • CVE-2026-9930: Out of bounds write in Dawn
  • CVE-2026-9931: Use after free in GPU
  • CVE-2026-9932: Use after free in ANGLE
  • CVE-2026-9933: Use after free in Input
  • CVE-2026-9934: Use after free in Aura
  • CVE-2026-9935: Uninitialized Use in ANGLE
  • CVE-2026-9936: Use after free in GFX
  • CVE-2026-9937: Use after free in UI
  • CVE-2026-9938: Inappropriate implementation in V8
  • CVE-2026-9939: Heap buffer overflow in WebCodecs
  • CVE-2026-9940: Heap buffer overflow in ANGLE
  • CVE-2026-9941: Use after free in ANGLE
  • CVE-2026-9942: Uninitialized Use in ANGLE
  • CVE-2026-9943: Out of bounds read in WebGL
  • CVE-2026-9944: Uninitialized Use in ANGLE
  • CVE-2026-9945: Use after free in Media
  • CVE-2026-9946: Use after free in ANGLE
  • CVE-2026-9947: Use after free in XML
  • CVE-2026-9948: Use after free in Views
  • CVE-2026-9949: Use after free in Core
  • CVE-2026-9950: Insufficient validation of untrusted input in iOS
  • CVE-2026-9951: Use after free in UI
  • CVE-2026-9952: Use after free in WebAudio
  • CVE-2026-9953: Out of bounds read in ANGLE
  • CVE-2026-9954: Use after free in TabStrip
  • CVE-2026-9955: Inappropriate implementation in iOS
  • CVE-2026-9956: Use after free in iOS
  • CVE-2026-9957: Use after free in PDF
  • CVE-2026-9958: Use after free in PDFium
  • CVE-2026-9959: Race in WebRTC
  • CVE-2026-9960: Integer overflow in PDFium
  • CVE-2026-9961: Use after free in SurfaceCapture
  • CVE-2026-9962: Use after free in WebRTC
  • CVE-2026-9963: Uninitialized Use in iOS
  • CVE-2026-9964: Use after free in Bluetooth
  • CVE-2026-9965: Out of bounds write in ANGLE
  • CVE-2026-9966: Integer overflow in XML
  • CVE-2026-9967: Out of bounds write in GPU
  • CVE-2026-9968: Integer overflow in V8
  • CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9970: Use after free in WebGL
  • CVE-2026-9971: Inappropriate implementation in iOS
  • CVE-2026-9972: Uninitialized Use in Gamepad
  • CVE-2026-9973: Out of bounds write in V8
  • CVE-2026-9974: Out of bounds write in GPU
  • CVE-2026-9975: Out of bounds read and write in ANGLE
  • CVE-2026-9976: Inappropriate implementation in USB
  • CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  • CVE-2026-9978: Use after free in Glic
  • CVE-2026-9979: Insufficient validation of untrusted input in Input
  • CVE-2026-9980: Insufficient validation of untrusted input in Printing
  • CVE-2026-9981: Inappropriate implementation in Skia
  • CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9983: Type Confusion in Skia
  • CVE-2026-9984: Use after free in UI
  • CVE-2026-9985: Insufficient validation of untrusted input in Media
  • CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  • CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  • CVE-2026-9988: Use after free in WebRTC
  • CVE-2026-9989: Inappropriate implementation in Media
  • CVE-2026-9990: Use after free in WebAppInstalls
  • CVE-2026-9991: Inappropriate implementation in Media
  • CVE-2026-9992: Use after free in Network
  • CVE-2026-9993: Use after free in Views
  • CVE-2026-9994: Use after free in Core
  • CVE-2026-9995: Use after free in WebXR
  • CVE-2026-9996: Out of bounds read in WebRTC
  • CVE-2026-9997: Use after free in Input
  • CVE-2026-9998: Integer overflow in Skia
  • CVE-2026-9999: Inappropriate implementation in ANGLE
  • CVE-2026-10000: Use after free in Passwords
  • CVE-2026-10001: Use after free in PerformanceManager
  • CVE-2026-10002: Use after free in PDFium
  • CVE-2026-10003: Use after free in Views
  • CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  • CVE-2026-10005: Use after free in WebAppInstalls
  • CVE-2026-10006: Race in WebAudio
  • CVE-2026-10007: Use after free in SVG
  • CVE-2026-10008: Uninitialized Use in GPU
  • CVE-2026-10009: Integer overflow in Skia
  • CVE-2026-10010: Inappropriate implementation in Input
  • CVE-2026-10011: Inappropriate implementation in Skia
  • CVE-2026-10012: Use after free in Skia
  • CVE-2026-10013: Use after free in WebCodecs
  • CVE-2026-10014: Use after free in WebMIDI
  • CVE-2026-10015: Integer overflow in WTF
  • CVE-2026-10016: Use after free in DOM
  • CVE-2026-10017: Out of bounds read in Headless
  • CVE-2026-10018: Integer overflow in ANGLE
  • CVE-2026-10019: Integer overflow in ANGLE
  • CVE-2026-10020: Insufficient validation of untrusted input in Skia
  • CVE-2026-10021: Insufficient validation of untrusted input in USB
  • CVE-2026-10022: Type Confusion in V8

chromium-148.0.7778.215-1.el10_2

Fedora Security Advisories
13 hours 12 minutes ago
FEDORA-EPEL-2026-16a47e9002 Packages in this update:
  • chromium-148.0.7778.215-1.el10_2
Update description:

Update to 148.0.7778.215

  • CVE-2026-9872: Out of bounds write in GPU
  • CVE-2026-9873: Use after free in Network
  • CVE-2026-9874: Use after free in Dawn
  • CVE-2026-9875: Out of bounds read in WebGL
  • CVE-2026-9876: Use after free in WebGL
  • CVE-2026-9877: Use after free in ANGLE
  • CVE-2026-9878: Use after free in ANGLE
  • CVE-2026-9879: Out of bounds write in ANGLE
  • CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  • CVE-2026-9881: Use after free in Bluetooth
  • CVE-2026-9882: Integer overflow in ANGLE
  • CVE-2026-9883: Use after free in Base
  • CVE-2026-9884: Use after free in Browser
  • CVE-2026-9885: Insufficient validation of untrusted input in UI
  • CVE-2026-9886: Use after free in Base
  • CVE-2026-9887: Use after free in Proxy
  • CVE-2026-9888: Use after free in WebView
  • CVE-2026-9889: Out of bounds read and write in Dawn
  • CVE-2026-9890: Use after free in XR
  • CVE-2026-9891: Use after free in Extensions
  • CVE-2026-9892: Inappropriate implementation in Skia
  • CVE-2026-9893: Use after free in Skia
  • CVE-2026-9894: Use after free in GPU
  • CVE-2026-9895: Out of bounds read in GPU
  • CVE-2026-9896: Out of bounds write in V8
  • CVE-2026-9897: Use after free in DOM
  • CVE-2026-9898: Insufficient validation of untrusted input in GPU
  • CVE-2026-9899: Use after free in ANGLE
  • CVE-2026-9900: Out of bounds write in ANGLE
  • CVE-2026-9901: Use after free in ANGLE
  • CVE-2026-9902: Use after free in Accessibility
  • CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  • CVE-2026-9904: Use after free in ANGLE
  • CVE-2026-9905: Use after free in Accessibility
  • CVE-2026-9906: Out of bounds write in GPU
  • CVE-2026-9907: Out of bounds read in Dawn
  • CVE-2026-9908: Out of bounds read in ANGLE
  • CVE-2026-9909: Integer overflow in Skia
  • CVE-2026-9910: Out of bounds memory access in ANGLE
  • CVE-2026-9911: Integer overflow in ANGLE
  • CVE-2026-9912: Inappropriate implementation in GPU
  • CVE-2026-9913: Inappropriate implementation in ANGLE
  • CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9915: Heap buffer overflow in ANGLE
  • CVE-2026-9916: Out of bounds write in ANGLE
  • CVE-2026-9917: Uninitialized Use in WebGL
  • CVE-2026-9918: Inappropriate implementation in Tint
  • CVE-2026-9919: Out of bounds read in WebGL
  • CVE-2026-9920: Uninitialized Use in GPU
  • CVE-2026-9921: Uninitialized Use in WebGL
  • CVE-2026-9922: Use after free in GPU
  • CVE-2026-9923: Use after free in Skia
  • CVE-2026-9924: Heap buffer overflow in ANGLE
  • CVE-2026-9925: Use after free in ANGLE
  • CVE-2026-9926: Heap buffer overflow in ANGLE
  • CVE-2026-9927: Use after free in ANGLE
  • CVE-2026-9928: Out of bounds read in ANGLE
  • CVE-2026-9929: Inappropriate implementation in WebGL
  • CVE-2026-9930: Out of bounds write in Dawn
  • CVE-2026-9931: Use after free in GPU
  • CVE-2026-9932: Use after free in ANGLE
  • CVE-2026-9933: Use after free in Input
  • CVE-2026-9934: Use after free in Aura
  • CVE-2026-9935: Uninitialized Use in ANGLE
  • CVE-2026-9936: Use after free in GFX
  • CVE-2026-9937: Use after free in UI
  • CVE-2026-9938: Inappropriate implementation in V8
  • CVE-2026-9939: Heap buffer overflow in WebCodecs
  • CVE-2026-9940: Heap buffer overflow in ANGLE
  • CVE-2026-9941: Use after free in ANGLE
  • CVE-2026-9942: Uninitialized Use in ANGLE
  • CVE-2026-9943: Out of bounds read in WebGL
  • CVE-2026-9944: Uninitialized Use in ANGLE
  • CVE-2026-9945: Use after free in Media
  • CVE-2026-9946: Use after free in ANGLE
  • CVE-2026-9947: Use after free in XML
  • CVE-2026-9948: Use after free in Views
  • CVE-2026-9949: Use after free in Core
  • CVE-2026-9950: Insufficient validation of untrusted input in iOS
  • CVE-2026-9951: Use after free in UI
  • CVE-2026-9952: Use after free in WebAudio
  • CVE-2026-9953: Out of bounds read in ANGLE
  • CVE-2026-9954: Use after free in TabStrip
  • CVE-2026-9955: Inappropriate implementation in iOS
  • CVE-2026-9956: Use after free in iOS
  • CVE-2026-9957: Use after free in PDF
  • CVE-2026-9958: Use after free in PDFium
  • CVE-2026-9959: Race in WebRTC
  • CVE-2026-9960: Integer overflow in PDFium
  • CVE-2026-9961: Use after free in SurfaceCapture
  • CVE-2026-9962: Use after free in WebRTC
  • CVE-2026-9963: Uninitialized Use in iOS
  • CVE-2026-9964: Use after free in Bluetooth
  • CVE-2026-9965: Out of bounds write in ANGLE
  • CVE-2026-9966: Integer overflow in XML
  • CVE-2026-9967: Out of bounds write in GPU
  • CVE-2026-9968: Integer overflow in V8
  • CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9970: Use after free in WebGL
  • CVE-2026-9971: Inappropriate implementation in iOS
  • CVE-2026-9972: Uninitialized Use in Gamepad
  • CVE-2026-9973: Out of bounds write in V8
  • CVE-2026-9974: Out of bounds write in GPU
  • CVE-2026-9975: Out of bounds read and write in ANGLE
  • CVE-2026-9976: Inappropriate implementation in USB
  • CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  • CVE-2026-9978: Use after free in Glic
  • CVE-2026-9979: Insufficient validation of untrusted input in Input
  • CVE-2026-9980: Insufficient validation of untrusted input in Printing
  • CVE-2026-9981: Inappropriate implementation in Skia
  • CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9983: Type Confusion in Skia
  • CVE-2026-9984: Use after free in UI
  • CVE-2026-9985: Insufficient validation of untrusted input in Media
  • CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  • CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  • CVE-2026-9988: Use after free in WebRTC
  • CVE-2026-9989: Inappropriate implementation in Media
  • CVE-2026-9990: Use after free in WebAppInstalls
  • CVE-2026-9991: Inappropriate implementation in Media
  • CVE-2026-9992: Use after free in Network
  • CVE-2026-9993: Use after free in Views
  • CVE-2026-9994: Use after free in Core
  • CVE-2026-9995: Use after free in WebXR
  • CVE-2026-9996: Out of bounds read in WebRTC
  • CVE-2026-9997: Use after free in Input
  • CVE-2026-9998: Integer overflow in Skia
  • CVE-2026-9999: Inappropriate implementation in ANGLE
  • CVE-2026-10000: Use after free in Passwords
  • CVE-2026-10001: Use after free in PerformanceManager
  • CVE-2026-10002: Use after free in PDFium
  • CVE-2026-10003: Use after free in Views
  • CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  • CVE-2026-10005: Use after free in WebAppInstalls
  • CVE-2026-10006: Race in WebAudio
  • CVE-2026-10007: Use after free in SVG
  • CVE-2026-10008: Uninitialized Use in GPU
  • CVE-2026-10009: Integer overflow in Skia
  • CVE-2026-10010: Inappropriate implementation in Input
  • CVE-2026-10011: Inappropriate implementation in Skia
  • CVE-2026-10012: Use after free in Skia
  • CVE-2026-10013: Use after free in WebCodecs
  • CVE-2026-10014: Use after free in WebMIDI
  • CVE-2026-10015: Integer overflow in WTF
  • CVE-2026-10016: Use after free in DOM
  • CVE-2026-10017: Out of bounds read in Headless
  • CVE-2026-10018: Integer overflow in ANGLE
  • CVE-2026-10019: Integer overflow in ANGLE
  • CVE-2026-10020: Insufficient validation of untrusted input in Skia
  • CVE-2026-10021: Insufficient validation of untrusted input in USB
  • CVE-2026-10022: Type Confusion in V8

chromium-148.0.7778.215-1.el10_3

Fedora Security Advisories
13 hours 12 minutes ago
FEDORA-EPEL-2026-ebe8b4fbc3 Packages in this update:
  • chromium-148.0.7778.215-1.el10_3
Update description:

Update to 148.0.7778.215

  • CVE-2026-9872: Out of bounds write in GPU
  • CVE-2026-9873: Use after free in Network
  • CVE-2026-9874: Use after free in Dawn
  • CVE-2026-9875: Out of bounds read in WebGL
  • CVE-2026-9876: Use after free in WebGL
  • CVE-2026-9877: Use after free in ANGLE
  • CVE-2026-9878: Use after free in ANGLE
  • CVE-2026-9879: Out of bounds write in ANGLE
  • CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  • CVE-2026-9881: Use after free in Bluetooth
  • CVE-2026-9882: Integer overflow in ANGLE
  • CVE-2026-9883: Use after free in Base
  • CVE-2026-9884: Use after free in Browser
  • CVE-2026-9885: Insufficient validation of untrusted input in UI
  • CVE-2026-9886: Use after free in Base
  • CVE-2026-9887: Use after free in Proxy
  • CVE-2026-9888: Use after free in WebView
  • CVE-2026-9889: Out of bounds read and write in Dawn
  • CVE-2026-9890: Use after free in XR
  • CVE-2026-9891: Use after free in Extensions
  • CVE-2026-9892: Inappropriate implementation in Skia
  • CVE-2026-9893: Use after free in Skia
  • CVE-2026-9894: Use after free in GPU
  • CVE-2026-9895: Out of bounds read in GPU
  • CVE-2026-9896: Out of bounds write in V8
  • CVE-2026-9897: Use after free in DOM
  • CVE-2026-9898: Insufficient validation of untrusted input in GPU
  • CVE-2026-9899: Use after free in ANGLE
  • CVE-2026-9900: Out of bounds write in ANGLE
  • CVE-2026-9901: Use after free in ANGLE
  • CVE-2026-9902: Use after free in Accessibility
  • CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  • CVE-2026-9904: Use after free in ANGLE
  • CVE-2026-9905: Use after free in Accessibility
  • CVE-2026-9906: Out of bounds write in GPU
  • CVE-2026-9907: Out of bounds read in Dawn
  • CVE-2026-9908: Out of bounds read in ANGLE
  • CVE-2026-9909: Integer overflow in Skia
  • CVE-2026-9910: Out of bounds memory access in ANGLE
  • CVE-2026-9911: Integer overflow in ANGLE
  • CVE-2026-9912: Inappropriate implementation in GPU
  • CVE-2026-9913: Inappropriate implementation in ANGLE
  • CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9915: Heap buffer overflow in ANGLE
  • CVE-2026-9916: Out of bounds write in ANGLE
  • CVE-2026-9917: Uninitialized Use in WebGL
  • CVE-2026-9918: Inappropriate implementation in Tint
  • CVE-2026-9919: Out of bounds read in WebGL
  • CVE-2026-9920: Uninitialized Use in GPU
  • CVE-2026-9921: Uninitialized Use in WebGL
  • CVE-2026-9922: Use after free in GPU
  • CVE-2026-9923: Use after free in Skia
  • CVE-2026-9924: Heap buffer overflow in ANGLE
  • CVE-2026-9925: Use after free in ANGLE
  • CVE-2026-9926: Heap buffer overflow in ANGLE
  • CVE-2026-9927: Use after free in ANGLE
  • CVE-2026-9928: Out of bounds read in ANGLE
  • CVE-2026-9929: Inappropriate implementation in WebGL
  • CVE-2026-9930: Out of bounds write in Dawn
  • CVE-2026-9931: Use after free in GPU
  • CVE-2026-9932: Use after free in ANGLE
  • CVE-2026-9933: Use after free in Input
  • CVE-2026-9934: Use after free in Aura
  • CVE-2026-9935: Uninitialized Use in ANGLE
  • CVE-2026-9936: Use after free in GFX
  • CVE-2026-9937: Use after free in UI
  • CVE-2026-9938: Inappropriate implementation in V8
  • CVE-2026-9939: Heap buffer overflow in WebCodecs
  • CVE-2026-9940: Heap buffer overflow in ANGLE
  • CVE-2026-9941: Use after free in ANGLE
  • CVE-2026-9942: Uninitialized Use in ANGLE
  • CVE-2026-9943: Out of bounds read in WebGL
  • CVE-2026-9944: Uninitialized Use in ANGLE
  • CVE-2026-9945: Use after free in Media
  • CVE-2026-9946: Use after free in ANGLE
  • CVE-2026-9947: Use after free in XML
  • CVE-2026-9948: Use after free in Views
  • CVE-2026-9949: Use after free in Core
  • CVE-2026-9950: Insufficient validation of untrusted input in iOS
  • CVE-2026-9951: Use after free in UI
  • CVE-2026-9952: Use after free in WebAudio
  • CVE-2026-9953: Out of bounds read in ANGLE
  • CVE-2026-9954: Use after free in TabStrip
  • CVE-2026-9955: Inappropriate implementation in iOS
  • CVE-2026-9956: Use after free in iOS
  • CVE-2026-9957: Use after free in PDF
  • CVE-2026-9958: Use after free in PDFium
  • CVE-2026-9959: Race in WebRTC
  • CVE-2026-9960: Integer overflow in PDFium
  • CVE-2026-9961: Use after free in SurfaceCapture
  • CVE-2026-9962: Use after free in WebRTC
  • CVE-2026-9963: Uninitialized Use in iOS
  • CVE-2026-9964: Use after free in Bluetooth
  • CVE-2026-9965: Out of bounds write in ANGLE
  • CVE-2026-9966: Integer overflow in XML
  • CVE-2026-9967: Out of bounds write in GPU
  • CVE-2026-9968: Integer overflow in V8
  • CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9970: Use after free in WebGL
  • CVE-2026-9971: Inappropriate implementation in iOS
  • CVE-2026-9972: Uninitialized Use in Gamepad
  • CVE-2026-9973: Out of bounds write in V8
  • CVE-2026-9974: Out of bounds write in GPU
  • CVE-2026-9975: Out of bounds read and write in ANGLE
  • CVE-2026-9976: Inappropriate implementation in USB
  • CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  • CVE-2026-9978: Use after free in Glic
  • CVE-2026-9979: Insufficient validation of untrusted input in Input
  • CVE-2026-9980: Insufficient validation of untrusted input in Printing
  • CVE-2026-9981: Inappropriate implementation in Skia
  • CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9983: Type Confusion in Skia
  • CVE-2026-9984: Use after free in UI
  • CVE-2026-9985: Insufficient validation of untrusted input in Media
  • CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  • CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  • CVE-2026-9988: Use after free in WebRTC
  • CVE-2026-9989: Inappropriate implementation in Media
  • CVE-2026-9990: Use after free in WebAppInstalls
  • CVE-2026-9991: Inappropriate implementation in Media
  • CVE-2026-9992: Use after free in Network
  • CVE-2026-9993: Use after free in Views
  • CVE-2026-9994: Use after free in Core
  • CVE-2026-9995: Use after free in WebXR
  • CVE-2026-9996: Out of bounds read in WebRTC
  • CVE-2026-9997: Use after free in Input
  • CVE-2026-9998: Integer overflow in Skia
  • CVE-2026-9999: Inappropriate implementation in ANGLE
  • CVE-2026-10000: Use after free in Passwords
  • CVE-2026-10001: Use after free in PerformanceManager
  • CVE-2026-10002: Use after free in PDFium
  • CVE-2026-10003: Use after free in Views
  • CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  • CVE-2026-10005: Use after free in WebAppInstalls
  • CVE-2026-10006: Race in WebAudio
  • CVE-2026-10007: Use after free in SVG
  • CVE-2026-10008: Uninitialized Use in GPU
  • CVE-2026-10009: Integer overflow in Skia
  • CVE-2026-10010: Inappropriate implementation in Input
  • CVE-2026-10011: Inappropriate implementation in Skia
  • CVE-2026-10012: Use after free in Skia
  • CVE-2026-10013: Use after free in WebCodecs
  • CVE-2026-10014: Use after free in WebMIDI
  • CVE-2026-10015: Integer overflow in WTF
  • CVE-2026-10016: Use after free in DOM
  • CVE-2026-10017: Out of bounds read in Headless
  • CVE-2026-10018: Integer overflow in ANGLE
  • CVE-2026-10019: Integer overflow in ANGLE
  • CVE-2026-10020: Insufficient validation of untrusted input in Skia
  • CVE-2026-10021: Insufficient validation of untrusted input in USB
  • CVE-2026-10022: Type Confusion in V8

chromium-148.0.7778.215-1.el9

Fedora Security Advisories
13 hours 12 minutes ago
FEDORA-EPEL-2026-694ab77296 Packages in this update:
  • chromium-148.0.7778.215-1.el9
Update description:

Update to 148.0.7778.215

  • CVE-2026-9872: Out of bounds write in GPU
  • CVE-2026-9873: Use after free in Network
  • CVE-2026-9874: Use after free in Dawn
  • CVE-2026-9875: Out of bounds read in WebGL
  • CVE-2026-9876: Use after free in WebGL
  • CVE-2026-9877: Use after free in ANGLE
  • CVE-2026-9878: Use after free in ANGLE
  • CVE-2026-9879: Out of bounds write in ANGLE
  • CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  • CVE-2026-9881: Use after free in Bluetooth
  • CVE-2026-9882: Integer overflow in ANGLE
  • CVE-2026-9883: Use after free in Base
  • CVE-2026-9884: Use after free in Browser
  • CVE-2026-9885: Insufficient validation of untrusted input in UI
  • CVE-2026-9886: Use after free in Base
  • CVE-2026-9887: Use after free in Proxy
  • CVE-2026-9888: Use after free in WebView
  • CVE-2026-9889: Out of bounds read and write in Dawn
  • CVE-2026-9890: Use after free in XR
  • CVE-2026-9891: Use after free in Extensions
  • CVE-2026-9892: Inappropriate implementation in Skia
  • CVE-2026-9893: Use after free in Skia
  • CVE-2026-9894: Use after free in GPU
  • CVE-2026-9895: Out of bounds read in GPU
  • CVE-2026-9896: Out of bounds write in V8
  • CVE-2026-9897: Use after free in DOM
  • CVE-2026-9898: Insufficient validation of untrusted input in GPU
  • CVE-2026-9899: Use after free in ANGLE
  • CVE-2026-9900: Out of bounds write in ANGLE
  • CVE-2026-9901: Use after free in ANGLE
  • CVE-2026-9902: Use after free in Accessibility
  • CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  • CVE-2026-9904: Use after free in ANGLE
  • CVE-2026-9905: Use after free in Accessibility
  • CVE-2026-9906: Out of bounds write in GPU
  • CVE-2026-9907: Out of bounds read in Dawn
  • CVE-2026-9908: Out of bounds read in ANGLE
  • CVE-2026-9909: Integer overflow in Skia
  • CVE-2026-9910: Out of bounds memory access in ANGLE
  • CVE-2026-9911: Integer overflow in ANGLE
  • CVE-2026-9912: Inappropriate implementation in GPU
  • CVE-2026-9913: Inappropriate implementation in ANGLE
  • CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9915: Heap buffer overflow in ANGLE
  • CVE-2026-9916: Out of bounds write in ANGLE
  • CVE-2026-9917: Uninitialized Use in WebGL
  • CVE-2026-9918: Inappropriate implementation in Tint
  • CVE-2026-9919: Out of bounds read in WebGL
  • CVE-2026-9920: Uninitialized Use in GPU
  • CVE-2026-9921: Uninitialized Use in WebGL
  • CVE-2026-9922: Use after free in GPU
  • CVE-2026-9923: Use after free in Skia
  • CVE-2026-9924: Heap buffer overflow in ANGLE
  • CVE-2026-9925: Use after free in ANGLE
  • CVE-2026-9926: Heap buffer overflow in ANGLE
  • CVE-2026-9927: Use after free in ANGLE
  • CVE-2026-9928: Out of bounds read in ANGLE
  • CVE-2026-9929: Inappropriate implementation in WebGL
  • CVE-2026-9930: Out of bounds write in Dawn
  • CVE-2026-9931: Use after free in GPU
  • CVE-2026-9932: Use after free in ANGLE
  • CVE-2026-9933: Use after free in Input
  • CVE-2026-9934: Use after free in Aura
  • CVE-2026-9935: Uninitialized Use in ANGLE
  • CVE-2026-9936: Use after free in GFX
  • CVE-2026-9937: Use after free in UI
  • CVE-2026-9938: Inappropriate implementation in V8
  • CVE-2026-9939: Heap buffer overflow in WebCodecs
  • CVE-2026-9940: Heap buffer overflow in ANGLE
  • CVE-2026-9941: Use after free in ANGLE
  • CVE-2026-9942: Uninitialized Use in ANGLE
  • CVE-2026-9943: Out of bounds read in WebGL
  • CVE-2026-9944: Uninitialized Use in ANGLE
  • CVE-2026-9945: Use after free in Media
  • CVE-2026-9946: Use after free in ANGLE
  • CVE-2026-9947: Use after free in XML
  • CVE-2026-9948: Use after free in Views
  • CVE-2026-9949: Use after free in Core
  • CVE-2026-9950: Insufficient validation of untrusted input in iOS
  • CVE-2026-9951: Use after free in UI
  • CVE-2026-9952: Use after free in WebAudio
  • CVE-2026-9953: Out of bounds read in ANGLE
  • CVE-2026-9954: Use after free in TabStrip
  • CVE-2026-9955: Inappropriate implementation in iOS
  • CVE-2026-9956: Use after free in iOS
  • CVE-2026-9957: Use after free in PDF
  • CVE-2026-9958: Use after free in PDFium
  • CVE-2026-9959: Race in WebRTC
  • CVE-2026-9960: Integer overflow in PDFium
  • CVE-2026-9961: Use after free in SurfaceCapture
  • CVE-2026-9962: Use after free in WebRTC
  • CVE-2026-9963: Uninitialized Use in iOS
  • CVE-2026-9964: Use after free in Bluetooth
  • CVE-2026-9965: Out of bounds write in ANGLE
  • CVE-2026-9966: Integer overflow in XML
  • CVE-2026-9967: Out of bounds write in GPU
  • CVE-2026-9968: Integer overflow in V8
  • CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9970: Use after free in WebGL
  • CVE-2026-9971: Inappropriate implementation in iOS
  • CVE-2026-9972: Uninitialized Use in Gamepad
  • CVE-2026-9973: Out of bounds write in V8
  • CVE-2026-9974: Out of bounds write in GPU
  • CVE-2026-9975: Out of bounds read and write in ANGLE
  • CVE-2026-9976: Inappropriate implementation in USB
  • CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  • CVE-2026-9978: Use after free in Glic
  • CVE-2026-9979: Insufficient validation of untrusted input in Input
  • CVE-2026-9980: Insufficient validation of untrusted input in Printing
  • CVE-2026-9981: Inappropriate implementation in Skia
  • CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9983: Type Confusion in Skia
  • CVE-2026-9984: Use after free in UI
  • CVE-2026-9985: Insufficient validation of untrusted input in Media
  • CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  • CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  • CVE-2026-9988: Use after free in WebRTC
  • CVE-2026-9989: Inappropriate implementation in Media
  • CVE-2026-9990: Use after free in WebAppInstalls
  • CVE-2026-9991: Inappropriate implementation in Media
  • CVE-2026-9992: Use after free in Network
  • CVE-2026-9993: Use after free in Views
  • CVE-2026-9994: Use after free in Core
  • CVE-2026-9995: Use after free in WebXR
  • CVE-2026-9996: Out of bounds read in WebRTC
  • CVE-2026-9997: Use after free in Input
  • CVE-2026-9998: Integer overflow in Skia
  • CVE-2026-9999: Inappropriate implementation in ANGLE
  • CVE-2026-10000: Use after free in Passwords
  • CVE-2026-10001: Use after free in PerformanceManager
  • CVE-2026-10002: Use after free in PDFium
  • CVE-2026-10003: Use after free in Views
  • CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  • CVE-2026-10005: Use after free in WebAppInstalls
  • CVE-2026-10006: Race in WebAudio
  • CVE-2026-10007: Use after free in SVG
  • CVE-2026-10008: Uninitialized Use in GPU
  • CVE-2026-10009: Integer overflow in Skia
  • CVE-2026-10010: Inappropriate implementation in Input
  • CVE-2026-10011: Inappropriate implementation in Skia
  • CVE-2026-10012: Use after free in Skia
  • CVE-2026-10013: Use after free in WebCodecs
  • CVE-2026-10014: Use after free in WebMIDI
  • CVE-2026-10015: Integer overflow in WTF
  • CVE-2026-10016: Use after free in DOM
  • CVE-2026-10017: Out of bounds read in Headless
  • CVE-2026-10018: Integer overflow in ANGLE
  • CVE-2026-10019: Integer overflow in ANGLE
  • CVE-2026-10020: Insufficient validation of untrusted input in Skia
  • CVE-2026-10021: Insufficient validation of untrusted input in USB
  • CVE-2026-10022: Type Confusion in V8

chromium-148.0.7778.215-1.fc43

Fedora Security Advisories
13 hours 12 minutes ago
FEDORA-2026-c004108bb8 Packages in this update:
  • chromium-148.0.7778.215-1.fc43
Update description:

Update to 148.0.7778.215

  • CVE-2026-9872: Out of bounds write in GPU
  • CVE-2026-9873: Use after free in Network
  • CVE-2026-9874: Use after free in Dawn
  • CVE-2026-9875: Out of bounds read in WebGL
  • CVE-2026-9876: Use after free in WebGL
  • CVE-2026-9877: Use after free in ANGLE
  • CVE-2026-9878: Use after free in ANGLE
  • CVE-2026-9879: Out of bounds write in ANGLE
  • CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  • CVE-2026-9881: Use after free in Bluetooth
  • CVE-2026-9882: Integer overflow in ANGLE
  • CVE-2026-9883: Use after free in Base
  • CVE-2026-9884: Use after free in Browser
  • CVE-2026-9885: Insufficient validation of untrusted input in UI
  • CVE-2026-9886: Use after free in Base
  • CVE-2026-9887: Use after free in Proxy
  • CVE-2026-9888: Use after free in WebView
  • CVE-2026-9889: Out of bounds read and write in Dawn
  • CVE-2026-9890: Use after free in XR
  • CVE-2026-9891: Use after free in Extensions
  • CVE-2026-9892: Inappropriate implementation in Skia
  • CVE-2026-9893: Use after free in Skia
  • CVE-2026-9894: Use after free in GPU
  • CVE-2026-9895: Out of bounds read in GPU
  • CVE-2026-9896: Out of bounds write in V8
  • CVE-2026-9897: Use after free in DOM
  • CVE-2026-9898: Insufficient validation of untrusted input in GPU
  • CVE-2026-9899: Use after free in ANGLE
  • CVE-2026-9900: Out of bounds write in ANGLE
  • CVE-2026-9901: Use after free in ANGLE
  • CVE-2026-9902: Use after free in Accessibility
  • CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  • CVE-2026-9904: Use after free in ANGLE
  • CVE-2026-9905: Use after free in Accessibility
  • CVE-2026-9906: Out of bounds write in GPU
  • CVE-2026-9907: Out of bounds read in Dawn
  • CVE-2026-9908: Out of bounds read in ANGLE
  • CVE-2026-9909: Integer overflow in Skia
  • CVE-2026-9910: Out of bounds memory access in ANGLE
  • CVE-2026-9911: Integer overflow in ANGLE
  • CVE-2026-9912: Inappropriate implementation in GPU
  • CVE-2026-9913: Inappropriate implementation in ANGLE
  • CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9915: Heap buffer overflow in ANGLE
  • CVE-2026-9916: Out of bounds write in ANGLE
  • CVE-2026-9917: Uninitialized Use in WebGL
  • CVE-2026-9918: Inappropriate implementation in Tint
  • CVE-2026-9919: Out of bounds read in WebGL
  • CVE-2026-9920: Uninitialized Use in GPU
  • CVE-2026-9921: Uninitialized Use in WebGL
  • CVE-2026-9922: Use after free in GPU
  • CVE-2026-9923: Use after free in Skia
  • CVE-2026-9924: Heap buffer overflow in ANGLE
  • CVE-2026-9925: Use after free in ANGLE
  • CVE-2026-9926: Heap buffer overflow in ANGLE
  • CVE-2026-9927: Use after free in ANGLE
  • CVE-2026-9928: Out of bounds read in ANGLE
  • CVE-2026-9929: Inappropriate implementation in WebGL
  • CVE-2026-9930: Out of bounds write in Dawn
  • CVE-2026-9931: Use after free in GPU
  • CVE-2026-9932: Use after free in ANGLE
  • CVE-2026-9933: Use after free in Input
  • CVE-2026-9934: Use after free in Aura
  • CVE-2026-9935: Uninitialized Use in ANGLE
  • CVE-2026-9936: Use after free in GFX
  • CVE-2026-9937: Use after free in UI
  • CVE-2026-9938: Inappropriate implementation in V8
  • CVE-2026-9939: Heap buffer overflow in WebCodecs
  • CVE-2026-9940: Heap buffer overflow in ANGLE
  • CVE-2026-9941: Use after free in ANGLE
  • CVE-2026-9942: Uninitialized Use in ANGLE
  • CVE-2026-9943: Out of bounds read in WebGL
  • CVE-2026-9944: Uninitialized Use in ANGLE
  • CVE-2026-9945: Use after free in Media
  • CVE-2026-9946: Use after free in ANGLE
  • CVE-2026-9947: Use after free in XML
  • CVE-2026-9948: Use after free in Views
  • CVE-2026-9949: Use after free in Core
  • CVE-2026-9950: Insufficient validation of untrusted input in iOS
  • CVE-2026-9951: Use after free in UI
  • CVE-2026-9952: Use after free in WebAudio
  • CVE-2026-9953: Out of bounds read in ANGLE
  • CVE-2026-9954: Use after free in TabStrip
  • CVE-2026-9955: Inappropriate implementation in iOS
  • CVE-2026-9956: Use after free in iOS
  • CVE-2026-9957: Use after free in PDF
  • CVE-2026-9958: Use after free in PDFium
  • CVE-2026-9959: Race in WebRTC
  • CVE-2026-9960: Integer overflow in PDFium
  • CVE-2026-9961: Use after free in SurfaceCapture
  • CVE-2026-9962: Use after free in WebRTC
  • CVE-2026-9963: Uninitialized Use in iOS
  • CVE-2026-9964: Use after free in Bluetooth
  • CVE-2026-9965: Out of bounds write in ANGLE
  • CVE-2026-9966: Integer overflow in XML
  • CVE-2026-9967: Out of bounds write in GPU
  • CVE-2026-9968: Integer overflow in V8
  • CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9970: Use after free in WebGL
  • CVE-2026-9971: Inappropriate implementation in iOS
  • CVE-2026-9972: Uninitialized Use in Gamepad
  • CVE-2026-9973: Out of bounds write in V8
  • CVE-2026-9974: Out of bounds write in GPU
  • CVE-2026-9975: Out of bounds read and write in ANGLE
  • CVE-2026-9976: Inappropriate implementation in USB
  • CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  • CVE-2026-9978: Use after free in Glic
  • CVE-2026-9979: Insufficient validation of untrusted input in Input
  • CVE-2026-9980: Insufficient validation of untrusted input in Printing
  • CVE-2026-9981: Inappropriate implementation in Skia
  • CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  • CVE-2026-9983: Type Confusion in Skia
  • CVE-2026-9984: Use after free in UI
  • CVE-2026-9985: Insufficient validation of untrusted input in Media
  • CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  • CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  • CVE-2026-9988: Use after free in WebRTC
  • CVE-2026-9989: Inappropriate implementation in Media
  • CVE-2026-9990: Use after free in WebAppInstalls
  • CVE-2026-9991: Inappropriate implementation in Media
  • CVE-2026-9992: Use after free in Network
  • CVE-2026-9993: Use after free in Views
  • CVE-2026-9994: Use after free in Core
  • CVE-2026-9995: Use after free in WebXR
  • CVE-2026-9996: Out of bounds read in WebRTC
  • CVE-2026-9997: Use after free in Input
  • CVE-2026-9998: Integer overflow in Skia
  • CVE-2026-9999: Inappropriate implementation in ANGLE
  • CVE-2026-10000: Use after free in Passwords
  • CVE-2026-10001: Use after free in PerformanceManager
  • CVE-2026-10002: Use after free in PDFium
  • CVE-2026-10003: Use after free in Views
  • CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  • CVE-2026-10005: Use after free in WebAppInstalls
  • CVE-2026-10006: Race in WebAudio
  • CVE-2026-10007: Use after free in SVG
  • CVE-2026-10008: Uninitialized Use in GPU
  • CVE-2026-10009: Integer overflow in Skia
  • CVE-2026-10010: Inappropriate implementation in Input
  • CVE-2026-10011: Inappropriate implementation in Skia
  • CVE-2026-10012: Use after free in Skia
  • CVE-2026-10013: Use after free in WebCodecs
  • CVE-2026-10014: Use after free in WebMIDI
  • CVE-2026-10015: Integer overflow in WTF
  • CVE-2026-10016: Use after free in DOM
  • CVE-2026-10017: Out of bounds read in Headless
  • CVE-2026-10018: Integer overflow in ANGLE
  • CVE-2026-10019: Integer overflow in ANGLE
  • CVE-2026-10020: Insufficient validation of untrusted input in Skia
  • CVE-2026-10021: Insufficient validation of untrusted input in USB
  • CVE-2026-10022: Type Confusion in V8

USN-8344-2: pip regression

Ubuntu Security Advisories
1 day ago
USN-8344-1 fixed vulnerabilities in pip. On Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS the patches for CVE-2025-66471 caused a regression when using pip. The patches for CVE-2025-66471 have been temporarily reverted pending investigation. We apologize for the inconvenience. Original advisory details: It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. (CVE-2024-35195) It was discovered that pip's bundled urllib3 library did not limit the number of decompression steps when processing HTTP responses. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66418) It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

rsync-3.4.3-1.fc43

Fedora Security Advisories
1 day 2 hours ago
FEDORA-2026-e1ed3b1fa8 Packages in this update:
  • rsync-3.4.3-1.fc43
Update description:

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

rsync-3.4.3-1.fc44

Fedora Security Advisories
1 day 2 hours ago
FEDORA-2026-d14cd355b3 Packages in this update:
  • rsync-3.4.3-1.fc44
Update description:

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

keylime-7.14.2-1.fc43

Fedora Security Advisories
1 day 5 hours ago
FEDORA-2026-513c495139 Packages in this update:
  • keylime-7.14.2-1.fc43
Update description:

Updating for Keylime release v7.14.2:

  • This includes the fix for CVE-2026-6420.
  • Update keylime-selinux policy to the latest version 44.1.0

keylime-7.14.2-1.fc44

Fedora Security Advisories
1 day 5 hours ago
FEDORA-2026-9064cdf8ef Packages in this update:
  • keylime-7.14.2-1.fc44
Update description:

Updating for Keylime release v7.14.2:

  • This includes the fix for CVE-2026-6420.
  • Update keylime-selinux policy to the latest version 44.1.0

USN-8338-2: Apache HTTP Server regression

Ubuntu Security Advisories
1 day 9 hours ago
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented mod_http2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-38709) Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2 implementation did not properly reclaim memory when streams were reset by clients. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-45802) Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-24795) Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly handled URL encoding. A remote attacker could possibly use this issue to bypass authentication via crafted requests. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473) Orange Tsai discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via malicious backend response headers. A remote attacker could possibly use this issue to conduct SSRF attacks or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38476) Orange Tsai discovered that Apache HTTP Server mod_proxy did not properly handle certain null pointer conditions. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38477) Orange Tsai discovered that Apache HTTP Server mod_rewrite could be made to perform server-side request forgery (SSRF) via unsafe RewriteRules. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39573) It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-42516) It was discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via mod_headers modifying Content-Type headers. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-43204) John Runyon discovered that Apache HTTP Server mod_ssl did not properly escape user-supplied data before writing log entries. A remote attacker could possibly use this issue to insert escape sequences into log files. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-47252) Robert Merget discovered that Apache HTTP Server with SSLEngine optional was vulnerable to HTTP desynchronisation attacks. An attacker in a privileged network position could possibly use this issue to hijack HTTP sessions. This issue only affected Ubuntu 14.04 LTS. (CVE-2025-49812) It was discovered that Apache HTTP Server mod_md had an integer overflow in the ACME certificate renewal backoff timer. An attacker could possibly use this issue to cause excessive certificate renewal requests. This issue only affected Ubuntu 20.04 LTS. (CVE-2025-55753) Anthony Parfenov discovered that Apache HTTP Server with SSI enabled and mod_cgid passed shell-escaped query strings to #exec cmd directives. A remote attacker could possibly use this issue to perform command injection. (CVE-2025-58098) Mattias Åsander discovered that Apache HTTP Server incorrectly gave precedence to environment variables from HTTP headers over server-calculated CGI variables. A remote attacker could possibly use this issue to influence the environment of CGI programs. (CVE-2025-65082) Mattias Åsander discovered that Apache HTTP Server mod_userdir with suexec could be caused to run CGI scripts under an unexpected user ID via RequestHeader directives in .htaccess files. An attacker with .htaccess write access could possibly use this issue to bypass suexec user restrictions. (CVE-2025-66200)