6497 matches found

FreeBSD
•added 2025/09/30 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 21 security fixes: 442444724 High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02 444755026 High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12 428189824 Medium...

CVSS 8.8 • AI score 7.5 • EPSS 0.00116
Exploits 0 • References 1

FreeBSD
•added 2025/09/30 12:0 a.m.•4 views

Firefox -- Sandbox escape

[email protected] reports: Sandbox escape due to integer overflow in the Graphics: Canvas2D component...

CVSS 8.6 • AI score 7.3 • EPSS 0.00062
Exploits 0 • References 1

FreeBSD
•added 2025/09/30 12:0 a.m.•13 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Out-of-bounds read & write in RFC 3211 KEK Unwrap Timing side-channel in SM2 algorithm on 64-bit ARM Fix Out-of-bounds read in HTTP client noproxy handling...

CVSS 7.5 • AI score 7 • EPSS 0.00069
Exploits 0 • References 1

FreeBSD
•added 2025/09/25 12:0 a.m.•8 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE Information disclosure issue in virtual registry configuration for low privileged users impacts GitLab CE/EE...

CVSS 8.8 • AI score 6.6 • EPSS 0.00162
Exploits 0 • References 1

FreeBSD
•added 2025/09/25 12:0 a.m.•5 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2025-9866: Determine whether to bypass redirect checks per request CVE-2025-10200: Use after free in Serviceworker CVE-2025-10201: Inappropriate implementation in Mojo CVE-2025-10500: Use after free in Dawn...

CVSS 9.1 • AI score 7.3 • EPSS 0.0018
Exploits 0 • References 1

FreeBSD
•added 2025/09/24 12:0 a.m.•4 views

openvpn-devel -- script injection vulnerability from trusted but malicious server

Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings to prevent an attack coming from a trusted-but-malicious OpenVPN server CVE: 2025-10680, affects unixoid systems with --dns-updown scripts and windows using the built-in powershell call Lev...

CVSS 8.8 • AI score 7.6 • EPSS 0.00212
Exploits 0 • References 2

FreeBSD
•added 2025/09/23 12:0 a.m.•6 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 430336833 High CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović SharpEdged on 2025-07-09 443765373 High CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-09 444048019...

CVSS 9.1 • AI score 7.1 • EPSS 0.00179
Exploits 0 • References 1

FreeBSD
•added 2025/09/18 12:0 a.m.•4 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

CVSS 3.7 • AI score 7 • EPSS 0.00012
Exploits 0 • References 1

FreeBSD
•added 2025/09/17 12:0 a.m.•7 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3618 / CVE-2025-5115 HTTP/2 denial of service vulnerability in bundled Jetty Medium SECURITY-3594 / CVE-2025-59474 Missing permission check allows obtaining agent names Medium SECURITY-3625 / CVE-2025-59475 Missing permission check in...

CVSS 7.7 • AI score 7.1 • EPSS 0.00573
Exploits 0 • References 1

FreeBSD
•added 2025/09/17 12:0 a.m.•7 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 445380761 High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16 435875050 High CVE-2025-10500: Use after free in Dawn. Reported by Giunash Gyujeong Jin on 2025-08-03 440737137 High...

CVSS 9.8 • AI score 7.7 • EPSS 0.01576
Exploits 1 • References 1

FreeBSD
•added 2025/09/17 12:0 a.m.•4 views

expat -- dynamic memory allocations issue

expat security advisory: libexpat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

CVSS 7.5 • AI score 6.9 • EPSS 0.00102
Exploits 1 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Integer overflow in the SVG component

https://bugzilla.mozilla.org/show_bug.cgi?id=1980788 reports: Integer overflow in the SVG component...

CVSS 8.8 • AI score 7.3 • EPSS 0.00136
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Firefox -- Spoofing issue in the Site Permissions component

https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports: Spoofing issue in the Site Permissions component...

CVSS 8.1 • AI score 7 • EPSS 0.00054
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Mozilla -- mitigation bypass vulnerability

[email protected] reports: The vulnerability has been rated as having moderate impact, affecting both confidentiality and integrity with low severity, while having no impact on availability. For Thunderbird specifically, the vulnerability cannot be exploited through email as scripting is...

CVSS 5.4 • AI score 6.3 • EPSS 0.00042
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Incorrect boundary conditions

https://bugzilla.mozilla.org/show_bug.cgi?id=1979502 reports: Incorrect boundary conditions in the JavaScript: GC component...

CVSS 6.5 • AI score 7 • EPSS 0.001
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/show_bug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout component...

CVSS 6.5 • AI score 7 • EPSS 0.00088
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•5 views

Mozilla -- Information disclosure

[email protected] reports: This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVSS 6.2 • AI score 6.5 • EPSS 0.00031
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Mozilla -- Incorrect boundary conditions

[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...

CVSS 6.5 • AI score 6.7 • EPSS 0.001
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- Sandbox escape due to use-after-free

[email protected] reports: Sandbox escape due to use-after-free...

CVSS 7.3 • AI score 7 • EPSS 0.0013
Exploits 0 • References 2

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Sandbox escape due to undefined behavior

https://bugzilla.mozilla.org/show_bug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

CVSS 7.3 • AI score 7 • EPSS 0.0013
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Information disclosure in the Networking: Cache component

https://bugzilla.mozilla.org/show_bug.cgi?id=1981502 reports: Information disclosure in the Networking: Cache component...

CVSS 6.2 • AI score 6.8 • EPSS 0.00031
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Mozilla -- Memory safety bugs

[email protected] reports: Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 8.8 • AI score 7.2 • EPSS 0.00097
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Mozilla -- spoofing

[email protected] reports: Spoofing issue in the Site Permission component...

CVSS 8.1 • AI score 7 • EPSS 0.00054
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Firefox -- Mitigation bypass

https://bugzilla.mozilla.org/show_bug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...

CVSS 5.4 • AI score 7 • EPSS 0.00042
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•3 views

Firefox -- Sandbox escape due to use-after-free

https://bugzilla.mozilla.org/show_bug.cgi?id=1984825 reports: Sandbox escape due to use-after-free in the Graphics: Canvas2D component...

CVSS 7.1 • AI score 7 • EPSS 0.00083
Exploits 0 • References 1

FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- integer overflow

[email protected] reports: Integer overflow in the SVG component...

CVSS 8.8 • AI score 7.3 • EPSS 0.00136
Exploits 0 • References 1

FreeBSD
•added 2025/09/14 12:0 a.m.•5 views

unit-java -- security vulnerability

F5 reports: When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization...

CVSS 6.9 • AI score 5.5 • EPSS 0.00275
Exploits 0 • References 1

FreeBSD
•added 2025/09/11 12:0 a.m.•7 views

cups -- security vulnerabilities

OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...

CVSS 8 • AI score 6.8 • EPSS 0.00184
Exploits 2 • References 2

FreeBSD
•added 2025/09/11 12:0 a.m.•6 views

CUPS -- multiple vulnerabilities

OpenPrinting reports: When the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. An unsafe deserialization and validation of printer attributes, causes null dereference in libcups library...

CVSS 8 • AI score 7.2 • EPSS 0.00184
Exploits 2 • References 2

FreeBSD
•added 2025/09/10 12:0 a.m.•6 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue in SAML Responses impacts GitLab CE/EE Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE Denial of Service issue in endpoint file upload impacts GitLab...

CVSS 8.8 • AI score 7 • EPSS 0.00087
Exploits 0 • References 1

FreeBSD
•added 2025/09/09 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 440454442 Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22 439305148 High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18...

CVSS 8.8 • AI score 6.1 • EPSS 0.00118
Exploits 0 • References 1

FreeBSD
•added 2025/09/05 12:0 a.m.•7 views

mongodb -- Malformed $group Query May Cause MongoDB Server to Crash

[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...

CVSS 6.5 • AI score 6.7 • EPSS 0.0014
Exploits 0 • References 1

FreeBSD
•added 2025/09/05 12:0 a.m.•6 views

mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query

[email protected] reports: An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable...

CVSS 6.5 • AI score 6.9 • EPSS 0.00089
Exploits 0 • References 1

FreeBSD
•added 2025/09/05 12:0 a.m.•8 views

mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

[email protected] reports: MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management...

CVSS 7.5 • AI score 6.9 • EPSS 0.00474
Exploits 0 • References 1

FreeBSD
•added 2025/09/03 12:0 a.m.•3 views

Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin

Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software notably on Windows. A SQL injectio...

AI score 7.6
Exploits 0 • References 1

FreeBSD
•added 2025/09/02 12:0 a.m.•4 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 434513380 High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28 437147699 Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07...

CVSS 8.8 • AI score 7.2 • EPSS 0.00138
Exploits 0 • References 1

FreeBSD
•added 2025/09/01 12:0 a.m.•8 views

Django -- multiple vulnerabilities

Django reports: CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases...

CVSS 8.1 • AI score 8.1 • EPSS 0.00074
Exploits 4 • References 1

FreeBSD
•added 2025/08/29 12:0 a.m.•4 views

exiv2 -- Denial-of-service

Kevin Backhouse reports: A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...

CVSS 5.5 • AI score 6.9 • EPSS 0.00011
Exploits 1 • References 1

FreeBSD
•added 2025/08/29 12:0 a.m.•3 views

exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()

Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into ...

CVSS 5.5 • AI score 6.6 • EPSS 0.00024
Exploits 0 • References 1

FreeBSD
•added 2025/08/28 12:0 a.m.•9 views

libudisks -- Udisks: out-of-bounds read in udisks daemon

[email protected] reports: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it...

CVSS 8.5 • AI score 6.8 • EPSS 0.00034
Exploits 1 • References 1

FreeBSD
•added 2025/08/27 12:0 a.m.•4 views

PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

[email protected] reports: The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:...

CVSS 9.1 • AI score 6.7 • EPSS 0.00056
Exploits 1 • References 1

FreeBSD
•added 2025/08/27 12:0 a.m.•5 views

Gitlab -- vulnerabilities

Gitlab reports: Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE Code injection issue in GitLab repositories impac...

CVSS 7.5 • AI score 7.2 • EPSS 0.00151
Exploits 0 • References 1

FreeBSD
•added 2025/08/27 12:0 a.m.•4 views

ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options

Internet Systems Consortium, Inc. reports: We corrected an issue in kea-dhcp4 that caused the server to abort if a client sent a broadcast request with particular options, and Kea failed to find an appropriate subnet for that client. This addresses CVE-2025-40779 4055, 4048...

CVSS 7.5 • AI score 6.7 • EPSS 0.0009
Exploits 0

FreeBSD
•added 2025/08/19 12:0 a.m.•5 views

Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component

https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 reports: Same-origin policy bypass in the Graphics: Canvas2D component...

CVSS 8.1 • AI score 7 • EPSS 0.00061
Exploits 0 • References 1

FreeBSD
•added 2025/08/19 12:0 a.m.•4 views

Mozilla -- DoS in WebRender

[email protected] reports: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.'...

CVSS 7.5 • AI score 6.2 • EPSS 0.00153
Exploits 0 • References 1

FreeBSD
•added 2025/08/19 12:0 a.m.•5 views

Mozilla -- memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

CVSS 8.1 • AI score 7.3 • EPSS 0.00156
Exploits 0 • References 2

FreeBSD
•added 2025/08/19 12:0 a.m.•5 views

Firefox -- Spoofing in the Address Bar

[email protected] reports: Spoofing issue in the Address Bar component...

CVSS 6.5 • AI score 6.3 • EPSS 0.00057
Exploits 0 • References 1

FreeBSD
•added 2025/08/19 12:0 a.m.•5 views

Mozilla -- memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 • AI score 7.2 • EPSS 0.00118
Exploits 0 • References 1

FreeBSD
•added 2025/08/19 12:0 a.m.•8 views

Mozilla -- Same-origin policy bypass

[email protected] reports: 'Same-origin policy bypass in the Graphics: Canvas2D component.'...

CVSS 8.1 • AI score 6.3 • EPSS 0.00061
Exploits 0 • References 1

FreeBSD
•added 2025/08/19 12:0 a.m.•5 views

Mozilla -- Denial-of-service due to out-of-memory

https://bugzilla.mozilla.org/show_bug.cgi?id=1975837 reports: Denial-of-service due to out-of-memory in the Graphics: WebRender component...

CVSS 7.5 • AI score 7 • EPSS 0.00153
Exploits 0 • References 1

Total number of security vulnerabilities: 6497