CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

PT-2026-44986

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.9 Description NanoMQ is an Edge Messaging Platform. A null pointer dereference can occur in the quic stream recv function when a substream is in a reopen state. The system completes the Asynchronous I/O AIO...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....

RockyLinux 10 : krb5 (RLSA-2026:19145)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19145 advisory. krb5: MIT Kerberos 5 krb5: Denial of Service via integer underflow and out-of-bounds read CVE-2026-40356 krb5: MIT Kerberos 5: Denial of Service via NU...

Linux Distros Unpatched Vulnerability : CVE-2026-45911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However,...

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

CVE-2025-71307

A flaw was found in the Linux kernel's drm/panthor component. This vulnerability, a NULL pointer dereference, occurs during the firmware unplug process when the Microcontroller Unit MCU is in an unexpected state or its firmware is not initialized. This can lead to system instability or a denial o...

CVE-2025-71308

A flaw was found in the Linux kernel's accel/amdxdna module. During error handling in the aie2createcontext function, the aiedestroycontext function can be called when a mailbox channel pointer is unexpectedly null. This can lead to a NULL pointer dereference, potentially causing a system crash a...

CVE-2026-46110

A flaw was found in the Linux kernel's stmmac driver. When the system experiences receive RX memory exhaustion, the stmmacrx function can misinterpret already-processed data descriptors as valid, leading to a NULL pointer dereference. This vulnerability can cause the system to panic, resulting in...

CVE-2026-46118

A flaw was found in the Linux kernel's pseries/papr-hvpipe component. A local user could trigger a null pointer dereference in the paprhvpipedevcreatehandle function. This occurs when srcinfo is improperly re-used after being nulled, leading to a kernel panic. This vulnerability could result in a...

CVE-2026-46211

A flaw was found in the Linux kernel's drm/msm/gem component. Improper error handling within the msmioctlgeminfogetmetadata function can lead to a NULL pointer dereference. This occurs because the function fails to check for allocation failures and incorrectly reports success even when operations...

CVE-2026-46222

A flaw was found in the Linux kernel, specifically within the rockchip: rkcif media driver. This vulnerability occurs because the driver's pads do not properly check for connected devices, which can lead to a null pointer dereference when a media stream is enabled. A local attacker could exploit...

CVE-2026-46233

A flaw was found in the Linux kernel's batman-adv module. This vulnerability allows a local attacker to trigger a NULL-pointer dereference within the batadvblapurgeclaims function. This issue arises from a timing conflict when a claim is being released simultaneously, causing a critical pointer t...

CVE-2026-46235

A flaw was found in the saa7164 media driver in the Linux kernel. This vulnerability occurs due to missing return value checks for ioremap calls within the saa7164devsetup function. If ioremap fails for BAR0 or BAR2, it can lead to null pointer dereferences and improper cleanup of PCI memory...

CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2026-47335

Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic...

CVE-2026-47337

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AFINET/AFINET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

CVE-2026-47337 NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AFINET/AFINET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

CVE-2026-47337

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AFINET/AFINET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

CVE-2026-47337

The CVE-2026-47337 issue affects Ubuntu Linux platforms (6.8, 6.17, 7.0) that include SAUCE patches. A NULL pointer dereference can occur in the handling of AF_INET/AF_INET6 socket mediation, potentially allowing an unprivileged local user to trigger a kernel oops. Affected component is the kerne...