CLSA-2026-1773308764 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: denial-of-service via division-by-zero in image loading - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing incorrect AND with OR in horizontal/vertical axis checks and prevent acceptance of invalid sampling caused by flawed boolean logic. -...

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

Vim 代码问题漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim from 9.1.0011 to 9.2.0137 contained code-related vulnerabilities. These vulnerabilities were caused by errors in the NFA regular expression compiler when processing character ranges that included combin...

Fedora 44 : libmaxminddb (2026-814fe58971)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814fe58971 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDBgetentrydatalist now validates that the claimed array/map size is...

Adobe Substance 3D Painter < 11.1.3 (APSB26-25)

The version of Adobe Substance 3D Painter installed on the remote host is prior to 11.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-25 advisory. - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability...

SUSE CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

CLSA-2026-1773225871 Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066

SECURITY UPDATE: division-by-zero during image loading resulting in reliable denial-of-service - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing && with || so invalid horizontal or vertical factors trigger an error; cause: incorrect boolean expression required bot...

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

...

curl: NULL Pointer Dereference (DoS) in libcurl SFTP QUOTE command parsing due to missing return statement

Summary: A logic flaw in lib/vssh/libssh2.c causes a NULL pointer dereference when parsing SFTP QUOTE commands with trailing garbage. The function returnquoteerror is called to handle errors and free memory, but the return keyword is missing in several blocks e.g., lines 840, 857, 870. This allow...

openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20337-1 advisory. - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can...

openSUSE 15 Security Update : c3p0 and mchange-commons (SUSE-SU-2026:0855-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0855-1 advisory. c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 - Fix the null pointer exception in the...

SUSE SLED15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:0853-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0853-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484:...

SUSE SLES15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:0852-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0852-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial ...

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:0854-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0854-1 advisory. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service...

ROS-20260311-73-0015

Vulnerability in expat related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

EUVD-2026-10767

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

EUVD-2026-10766

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

EUVD-2026-10764

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...

EUVD-2026-10765

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...