Advisory ROSA-SA-2025-2968

software: libheif 1.19.8 WASP: ROSA-CHROME unaffected versions = libheif-1.19.8-1 affected versions libheif-1.19.8-1 CVE-ID: CVE-2025-43966 BDU-ID: None CVE-Crit: LOW CVE-DESC.: Vulnerability: In libheif before 1.19.6, the ImageItemiden function dereferences a null pointer in image-items/iden.cc...

CVE-2025-39674

CVE-2025-39674 affects the Linux kernel scsi: ufs: ufs-qcom path. Root cause: a regression from removing MSI descriptor abuse caused a NULL pointer dereference when Platform MSI allocation fails while configuring ESI, due to cleanup using __free() on resources that were never allocated. The issue...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27746)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

Linux Distros Unpatched Vulnerability : CVE-2025-38559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intelpmtread for...

CVE-2025-30272

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later...

CVE-2025-29888 File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

Linux Distros Unpatched Vulnerability : CVE-2020-25866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed not...

Linux Distros Unpatched Vulnerability : CVE-2019-19308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In texttoglyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section...

CVE-2025-9384

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpeditpostargs of the file /src/tcpedit/parseargs.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...

AZL-66605 CVE-2025-38630 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref fbaddvideomode can fail with -ENOMEM when its internal kmalloc cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues t...

CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

Linux Distros Unpatched Vulnerability : CVE-2021-30199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In filters/reframelatm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gffilterpckgetdata is called. The first arg pck may be null with a crafted mp4...

Linux Distros Unpatched Vulnerability : CVE-2025-21953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfsremove When on a MANA VM hibernation is triggere...

Linux Distros Unpatched Vulnerability : CVE-2025-37844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifsserverdbg implies server to be non-NULL...

Linux Distros Unpatched Vulnerability : CVE-2025-22031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion When BIOS neglects to assi...

CVE-2025-53141

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

Linux Distros Unpatched Vulnerability : CVE-2025-38281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Add NULL check in mt7996thermalinit devmkasprintf can return a NULL...

Linux Distros Unpatched Vulnerability : CVE-2023-53049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsiconnectorchange When ucsiinit fails, ucsi-connector...

Linux Distros Unpatched Vulnerability : CVE-2022-49928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps...

Denial of Service via Unbounded parameter values

Description The /api/memories endpoint in the LibreChat application is found to be accepting arbitrarily large values for the key and value parameters. These inputs are not being properly validated or restricted in terms of maximum allowed character length. When an input containing more than 100...