CVE-2025-58472

CVE-2025-58472 is a NULL pointer dereference in Qsync Central. A remote attacker with administrator privileges can trigger a DoS. Affected product: Qsync Central; vulnerable component: not explicitly broken out beyond the OS software. Root cause: NULL pointer dereference (as described in multiple...

CVE-2025-59386

CVE-2025-59386 is a NULL pointer dereference in several QNAP OS versions. An attacker with an administrator account can trigger a DoS remotely. Fixed in QuTS hero h5.3.2.3354 build 20251225 and later. CVSS 4.0 (base 5.1, MEDIUM); Attack Vector: NETWORK; Privileges Required: HIGH; User Interaction...

CVE-2025-59386 QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-66274 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-66274 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state

A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intelatomicgetnewcrtcstate function can return NULL if the CRTC state was not previously obtained via intelatomicgetcrtcstate, but the return value was not checked before use. This leads ...

CLSA-2026-1770804474 Fix CVE(s): CVE-2025-69418, CVE-2025-69421, CVE-2026-22796

SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed incleartext on encryption and are not covered by the authentication tag,allowing an attacker to read or tamper with those bytes without detection - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. CVE-2026-23874: manipulation of digital images can lead to stack overflow bsc1256976. CVE-2026-23876: maliciously crafted image can lead to heap buffer...

SUSE-SU-2026:0437-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can lead to stack overflow bsc1256976. - CVE-2026-23876: maliciously crafted image can lead to heap...

RLSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-005335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005335 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could allow remote attackers to launch a denial-of-service...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could allow remote attackers to launch a...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could allow remote attackers to launch a...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...

QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QuTS hero is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QuTS hero prior to h5.3.2.3354 contained a code vulnerability caused by a null pointer dereferencing. This vulnerability could...

PT-2026-7543

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service DoS attack. The issue is a NULL pointer dereference...