Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

SUSE-SU-2026:2197-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

RLSA-2026:22142 Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

php:8.2 security update

An update is available for php, php-pecl-rrd, module.php, module.php-pecl-xdebug3, module.php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, php-pecl-apcu. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a...

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

EUVD-2026-33521

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

EUVD-2026-33520

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

EUVD-2026-33519

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

EUVD-2025-210004

A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2025-70099

CVE-2025-70099 : The Red Hat/NVD entries describe a NULL pointer dereference in lwext4 1.0.0 within ext4_dir_en_get_name_len (include/ext4_dir.h). During directory iteration, the code may not validate the directory entry pointer before accessing name_len, allowing a segmentation fault and denial ...

CVE-2026-37230

FlexRIC v2.0.0 crashes when the near-RT RIC receives a RICINDICATION message with a ranfuncid that does not exist in its registry. The lookup returns NULL, triggering assert in Debug builds SIGABRT or NULL pointer dereference in Release builds SIGSEGV. A remote unauthenticated attacker can crash...

PT-2026-45537

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before...

CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain trunca...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...