Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2029301 reports: Incorrect boundary conditions in the Audio/Video: Playback component...

CVE-2026-43253

A flaw was found in the Linux kernel's IOMMU Input/Output Memory Management Unit AMD component. When the system operates under a stressed environment with iommu.strict=1 enabled, a busy-wait operation within the waitonsem function can occur while holding a spinlock with interrupts disabled. This...

CVE-2026-43211

A flaw was found in the Linux kernel. An error in the PCI Peripheral Component Interconnect subsystem's lock management, specifically within the pcislottrylock function, can lead to system instability. This occurs when a lock is incorrectly released, potentially causing warnings or interfering wi...

CVE-2026-43208

A flaw was found in the Linux kernel's networking component. An incorrect assumption about the size and immutability of the Receive Packet Steering RPS table could lead to an out-of-bounds memory access. This vulnerability, occurring during the computation of flowid in the setrpscpu function, cou...

EUVD-2026-28055

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-27923

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

EUVD-2026-27899

Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

CVE-2026-43199

A flaw was found in the Linux kernel's net/mlx5e component. This vulnerability, identified as a "scheduling while atomic" bug, occurs when the mlx5eipsecinitmacs function attempts to query the hardware for a MAC address in an atomic context, which can lead to the system attempting to sleep. A loc...

CVE-2026-43163

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

CVE-2026-7969

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-7939

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7924

Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7979

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7983

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7957

Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7973

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7976

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-7924

Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...