SUSE CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43282

A flaw was found in the Linux kernel's RDMA Remote Direct Memory Access ionic driver. This vulnerability occurs in the ionicqueryport function, where a missing check for the return value of ibdevicegetnetdev can lead to a NULL pointer dereference. A local attacker could potentially exploit this t...

CVE-2026-43271

A flaw was found in the Linux kernel's md-cluster module. During the startup of a multi-device MD array, a race condition can occur where a remote node sends a metadata update message before the system is fully ready to process it. This premature processing leads to a null pointer dereference,...

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 8.2 and 8.2.7 contained code vulnerabilities...

GoBGP 代码问题漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.4.0 of GoBGP contains a code vulnerability. This vulnerability arises from unauthenticated remote BGP peers sending specially crafted BGP UPDATE messages. When servers process messages with...

PT-2026-38343

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.7 Description An authenticated user can cause a denial of service by crashing the mongod process. This occurs when running $rankFusion or $scoreFusion with an empty pipeline on a view. During view resolutio...

Tor 代码问题漏洞

Tor is a virtual tunnel network operated by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a code vulnerability caused by a null pointer dereferencing when the CERT unit received data...

CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

PT-2026-38337

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.4.9.7 Description A NULL pointer dereference occurs when a CERT cell is received out of order. A NULL pointer dereference is a runtime error that happens when a program attempts to read or write to a memory address that...

Linux Distros Unpatched Vulnerability : CVE-2026-43282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function...

Linux Distros Unpatched Vulnerability : CVE-2026-44602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. CVE-2026-44602 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-43164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of...

GoBGP 代码问题漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.3.0 of GoBGP contains a code vulnerability that arises from a null pointer dereferencing during the processing of malformed BGP UPDATE messages containing unrecognized Well-known path attributes...

PT-2026-39447

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description A mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, whi...

CLSA-2026-1778111838 httpd: Fix of 9 CVEs

CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...

CVE-2026-43251

A flaw was found in the Linux kernel's Human Interface Device HID prodikeys driver. A local attacker can exploit this vulnerability by connecting a specially crafted Universal Serial Bus USB device. This device can send a malicious report descriptor, bypassing a necessary check and causing a null...

CLSA-2026-1777942724 vim: Fix of 3 CVEs

CVE-2021-3928: fix reading uninitialized memory in spell suggestions spellsuggest.c - CVE-2022-1616: fix buffer overflow in invalid command with composing chars exdocmd.c - CVE-2022-1620: fix NULL pointer dereference when using invalid pattern buffer.c...

CVE-2026-43207

A flaw was found in the Linux kernel's mtk-mdp media driver. Improper error handling in the probe function could lead to a resource leak. Additionally, a missing check for the return value of vpugetplatdevice could result in a null pointer dereference, potentially causing a system crash and leadi...

CVE-2026-43189

A flaw was found in the v4l2-async component of the Linux kernel. Improper error handling during asynchronous video device matching can lead to a null pointer dereference. This issue could allow a local attacker to trigger a system crash, resulting in a Denial of Service DoS...

CVE-2026-43173

A flaw was found in the Linux kernel. A local user can trigger a NULL pointer dereference in the ixp4xxgettsinfo function within the network ethernet xscale driver. This occurs because ixp46xptpfind is unconditionally called, even on systems that do not support the ixp46x PTP feature. Successful...