4600 matches found
CVE-2026-42765
A flaw was found in OpenSSL. When an application is configured with specific non-default settings for certificate verification, including both Online Certificate Status Protocol OCSP response checking and partial chain verification, a NULL dereference can occur. This vulnerability can be triggere...
PYSEC-2026-1963 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
Impact When the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault. python import tensorflow as tf tf.rawops.Printinput = tf.constant1, 1, 1, 1,dtype=tf.int32, data = False, False, False, False, False, False, False,...
PYSEC-2026-961 TensorFlow has null dereference on ParallelConcat with XLA
Impact When running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. python import tensorflow as tf func = tf.rawops.ParallelConcat para = 'shape': 0, 'values': 1 @tf.functionjitcompile=True def test: y =...
PYSEC-2026-968 TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
Impact When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes. cpp Status GraphDefImporter::ConvertNodeDefOpBuilder &builder, ConversionState &s, const NodeDef &node VLOG4 opdef; else auto it = functionopdefs.findnode.op; if it ==...
PYSEC-2026-994 TensorFlow vulnerable to null dereference on MLIR on empty function attributes
Impact When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. cpp // Import the function attributes with a tf. prefix to match the current // infrastructure expectations. for const auto& namedAttr : func.attr const std::string& name =...
PYSEC-2026-991 TensorFlow vulnerable to null dereference on MLIR on empty function attributes
Impact Eig can be fed an incorrect Tout input, resulting in a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=2, 2, shape=2, 2, dtype=tf.float32 arg1=tf.complex128 arg2=True arg3=''...
PYSEC-2026-966 TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
Impact When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. cpp StatusOr GraphDefImporter::ArgNumTypeconst NamedAttrList &attrs, const OpDef::ArgDef &argdef, SmallVectorImpl &types // Check whether a type list attribute is specified. if !argdef.typelistattr.empty if auto...
MiracleLinux 9 : krb5-1.21.1-10.el9 (AXSA:2026-1204:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1204:04 advisory. krb5: MIT Kerberos 5 krb5: Denial of Service via integer underflow and out-of-bounds read CVE-2026-40356 krb5: MIT Kerberos 5: Denial of Service via...
OESA-2026-2872 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...
RLSA-2026:34354 Important: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6722 PHP: PHP: Denial of Service via improper handling of signed characters in ctype...
Linux Distros Unpatched Vulnerability : CVE-2026-53350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup...
openSUSE 16 Security Update : lrzip (openSUSE-SU-2026:21179-1)
"The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21179-1 advisory. Changes in lrzip: - Update to version 0.660: Do not clean up thread structures in decompression failure conditions, fixing a use-after-free in...
CVE-2026-53350
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ASoC Wolfson Microelectronics Audio Digital Signal Processor wmadsp driver. The wmadspcontrolremove function attempts to clean up private control data without verifying if the pointer to this data is null. This can occur whe...
CVE-2026-14324 Pipewire: raop rtsp null deref
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
EUVD-2026-40984
In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...
php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>
A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...
Linux Distros Unpatched Vulnerability : CVE-2026-53315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch...
Linux Distros Unpatched Vulnerability : CVE-2026-53316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path...
Linux Distros Unpatched Vulnerability : CVE-2026-53298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine,...
Linux Distros Unpatched Vulnerability : CVE-2026-53324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded 0 for PFs and pcislotnamepdev-slot...