34509 matches found
CVE-2026-36909
A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36912
A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-53348
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC SoundWire Digital Audio SDCA component. The sdcadevunregisterfunctions function does not properly check for NULL function device entries during unregistration. This oversight can lead to a NULL point...
CVE-2026-53338
A flaw was found in the Linux kernel's Airoha QDMA driver. This vulnerability occurs when the ofreservedmemlookup function returns a NULL pointer, indicating that a referenced reserved memory region is not found. The driver then attempts to dereference this NULL pointer, leading to a kernel NULL...
CVE-2026-53335
A flaw was found in the Linux kernel. The DAMONLRUSORT component, responsible for memory management, does not properly handle allocation failures of the damonctx object. This can lead to a NULL pointer dereference when damoncommitctx is called with a NULL ctx pointer, potentially causing a system...
EUVD-2025-31206
Open Babel has out-of-bounds read in PQS lowerit pre-buffer read...
Important: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
USN-8489-1 linux-oem-7.0 vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
CVE-2026-53339
In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...
EUVD-2026-40971
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...
httpd: NULL pointer dereference via specially crafted request
A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...
CVE-2026-36909
A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
RockyLinux 8 : php:7.4 (RLSA-2026:34354)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:34354 advisory. php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6722 PHP: PHP: Denial of Service via imprope...
CVE-2026-36909
Summary of CVE-2026-36909 (MPC-BE): A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function in Aleksoid1978 MPC-BE prior to commit 4341cb3 allows a crafted MP4 file to trigger a Denial of Service. Affected component: MPC-BE (Aleksoid1978). Root cause: NULL pointer dereference in Get...
EUVD-2026-9141
Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence...
EUVD-2026-40357
Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...
CVE-2026-58369 Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service
Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...
OPENSUSE-SU-2026:21179-1 Security update for lrzip
This update for lrzip fixes the following issues: Changes in lrzip: - Update to version 0.660: Do not clean up thread structures in decompression failure conditions, fixing a use-after-free in lzmadecompressbuf and a NULL pointer dereference in ucompthread on corrupt/malicious archives...
ALSA-2026:33449 Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6722 PHP: PHP: Denial of Service via improper handling of signed characters in ctype...
Linux Distros Unpatched Vulnerability : CVE-2026-53299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Move ndesc initialization at end of airohaqdmainittx If queue entry list allocation fails in airohaqdmainittxqueue routine, airohaqdmacleanuptxqueu...