ROS-20260313-73-0028

A vulnerability in the vccsendmsg function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260313-73-0016

A vulnerability in the dell-wmi-sysman component of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

ROS-20260313-73-0008

A vulnerability in the corescsi3decodespeciport function of the scsi component of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260313-73-0032

A vulnerability in the vsockfindcid function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260313-73-0030

A vulnerability in the toatmarpd function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Fedora 42 : libmaxminddb (2026-1e497526c7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1e497526c7 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDBgetentrydatalist now validates that the claimed array/map size is...

DEBIAN-CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249

Vim vulnerability CVE-2026-32249 affects versions 9.1.0011 up to before 9.2.0137, in the NFA regex compiler. When a collection contains a combining character as the endpoint of a character range (e.g., [0-0\u05bb]), the compiler emits the composing bytes as separate NFA states, corrupting the NFA...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CLSA-2026-1773308764 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: denial-of-service via division-by-zero in image loading - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing incorrect AND with OR in horizontal/vertical axis checks and prevent acceptance of invalid sampling caused by flawed boolean logic. -...

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

Vim 代码问题漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim from 9.1.0011 to 9.2.0137 contained code-related vulnerabilities. These vulnerabilities were caused by errors in the NFA regular expression compiler when processing character ranges that included combin...

Adobe Substance 3D Painter < 11.1.3 (APSB26-25)

The version of Adobe Substance 3D Painter installed on the remote host is prior to 11.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-25 advisory. - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability...

Fedora 44 : libmaxminddb (2026-814fe58971)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814fe58971 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDBgetentrydatalist now validates that the claimed array/map size is...

SUSE CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

CLSA-2026-1773225871 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: division-by-zero during image loading resulting in reliable denial-of-service - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing && with || so invalid horizontal or vertical factors trigger an error; cause: incorrect boolean expression required bot...