OESA-2026-1884 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

OESA-2026-1885 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

OESA-2026-1883 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

OESA-2026-1882 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

...

CVE-2026-28389

A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence,...

ROS-20260410-73-0017

Vulnerability in expat related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260410-73-0019

Vulnerability in expat related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260410-73-0012

Vulnerability in libssh related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

NULL Pointer Dereference When Processing a Delta CRL

...

SUSE CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CLSA-2026-1775688216 augeas: Fix of CVE-2025-2588

CVE-2025-2588: fix null pointer dereference in recaseexpand...

Security Bulletin: EDB PGAI Databases is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI Databases 18.0. It has been addressed in 18.2. Hence, IBM strongly recommends upgrading to 18.2. Vulnerability Details CVEID:CVE-2024-25260 DESCRIPTION: elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef...

CVE-2026-28390

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006572 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in sndac97mixer smatch error:...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006632)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006632 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ibcorecleanup KASAN reported a null-ptr-deref error: KASAN:...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006689 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when...

SUSE CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...