NULL Pointer Dereference

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...

CLSA-2026-1778943258 Fix CVE(s): CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568

SECURITY UPDATE: SOAP use-after-free with SOAPPERSISTENCESESSION - debian/patches/CVE-2026-7261.patch: skip zvalptrdtor on the persisted soapobj after header parsing failure when persistence is SOAPPERSISTENCESESSION - CVE-2026-7261 SECURITY UPDATE: SOAP use-after-free via Apache Map with duplica...

CLSA-2026-1778933151 Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245

SECURITY UPDATE: memory corruption in ld via fuzzed object - debian/patches/CVE-2025-5244.patch: check for empty groups in elfgcsweep to prevent NULL pointer dereference - CVE-2025-5244 SECURITY UPDATE: SEGV in objdump function debugtypesamep - debian/patches/CVE-2025-5245.patch: handle NULL...

SUSE CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

CLSA-2026-1778892584 389-ds-base: Fix of 3 CVEs

CVE-2024-5953: fix DoS via malformed password hash on bind - CVE-2024-2199: fix DoS via malformed userPassword modify - CVE-2025-2487: fix NULL pointer deref on failed MODDN operations...

Amazon Linux 2023 : glslang, glslang-devel (ALAS2023-2026-1707)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1707 advisory. A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file...

CVE-2026-44638

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An incorrect NULL check after a memory allocation call in the sixeldecoderaw and sixeldecode functions can lead to a NULL pointer dereference. This occurs when memory allocation fails, causing the process to crash and resulting...

CVE-2026-43333

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. This vulnerability allows a local attacker to cause a kernel null pointer dereference by directly accessing nullable PTRTOBUF pointers without proper null checks. This can lead to a system crash, resulting in a Denial of...

CVE-2026-6666

A flaw was found in PgBouncer. A remote attacker could exploit a null pointer reference vulnerability by sending a specially crafted error response without a SQLSTATE field. This could lead to a crash of the PgBouncer instance, resulting in a Denial of Service DoS for affected services. Mitigatio...

OESA-2026-2340 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

OESA-2026-2320 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

CVE-2026-41684

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with permissions to import instance backups could craft a malicious backup archive. This archive, containing a valid inline configuration but a malformed legacy backup file, could cause the Incus daem...

CVE-2026-43335

A flaw was found in the Linux kernel's interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, leading to a NULL pointer dereference in the icclinknodes function. This vulnerability can be triggered during runtime when a pointer to a...

CVE-2026-43337

A flaw was found in the Linux kernel's drm/amd/display component. This flaw occurs because the dcn401inithw function does not properly validate a callback pointer updatebwboundingbox before use. This can lead to a NULL pointer dereference, potentially causing a system crash or denial of service...

Security update for mozjs115

This update for mozjs115 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc125971...

CLSA-2026-1778787063 kernel: Fix of 122 CVEs

net: skbuff: propagate shared-frag marker through pskbcopy - mptcp: always handle address removal under msk socket lock CVE-2025-21875 - uprobes: Reject the shared zeropage in uprobewriteopcode CVE-2025-21881 - net: hns3: make sure ptp clock is unregister and freed if hclgeptpgetcycle returns an...

Node.js: NULL pointer dereference in node:sqlite DatabaseSync#applyChangeset() via malformed SQLite changeset

Summary: A 19-byte malformed SQLite changeset passed to Node.js node:sqlite DatabaseSyncapplyChangeset causes a native NULL pointer dereference and terminates the Node.js process. Description: The built-in Node.js node:sqlite API exposes DatabaseSyncapplyChangesetchangeset, options, which accepts...

Low: glslang

Issue Overview: A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer...

ROS-20260515-73-0005

A vulnerability in the opcryptkeycallback function of the Firebird database management system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260515-73-0003

A vulnerability in the SDLinfo function of the Firebird database management system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...