437 matches found
BIT-ARGO-WORKFLOWS-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...
GHSA-4RQF-GRM6-VF75 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...
UBUNTU-CVE-2026-43463
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpckernellookuppeer rxrpckernellookuppeer can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: 1 Changing...
CVE-2026-43364
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
UBUNTU-CVE-2026-43297
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...
SUSE CVE-2026-43008
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...
CVE-2026-43131
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...
DEBIAN-CVE-2026-33007
A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
PT-2026-36425
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devm regmap init mmio devm regmap init mmio returns an ERR PTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invali...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011340 advisory. In the Linux kernel, the following vulnerability has been resolved: archtopology: Fix incorrect error check in topologyparsecpucapacity Fix incorrect use of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013355)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013355 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011281)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011281 advisory. In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011134)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011134 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013080)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013080 advisory. In the Linux kernel, the following vulnerability has been resolved: archtopology: Fix incorrect error check in topologyparsecpucapacity Fix incorrect use of...
CLSA-2026-1776430169 libarchive: Fix of CVE-2026-5745
CVE-2026-5745: fix NULL pointer dereference in ACL parsing in archiveaclfromtextw...
SUSE CVE-2026-23317
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...
CVE-2026-23317
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...
UBUNTU-CVE-2026-23317
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...
CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...
CVE-2026-26828
A NULL pointer dereference in the daapreplyplaylists function src/httpddaap.c of owntone-server commit 3d1652d allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...