Apple Security Advisory 05-11-2026-6

Apple Security Advisory 05-11-2026-6 - macOS Tahoe 26.5 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

Apple Security Advisory 05-11-2026-9

Apple Security Advisory 05-11-2026-9 - tvOS 26.5 addresses buffer overflow, denial of service, information leakage, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

PT-2026-41629

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.2.0 Description A flaw in the RANConfiguration function within the ngap/handler.go file allows for a remote null pointer dereference, which occurs when a program attempts to read or write to a memory locati...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the RANConfiguration function in the file ngap/handler.go, which allows null pointer...

PT-2026-41630

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.2.0 Description A weakness in the NGAP Message Handler component, specifically within the ngap/handler.go file, allows for a null pointer dereference a situation where the software attempts to read a memory...

Apple Security Advisory 05-11-2026-1

Apple Security Advisory 05-11-2026-1 - iOS 26.5 and iPadOS 26.5 addresses buffer overflow, bypass, denial of service, information leakage, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021474 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021467 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads toa...

NULL Pointer Dereference

Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true that contain nu...

NULL Pointer Dereference

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...

CLSA-2026-1778943258 Fix CVE(s): CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568

SECURITY UPDATE: SOAP use-after-free with SOAPPERSISTENCESESSION - debian/patches/CVE-2026-7261.patch: skip zvalptrdtor on the persisted soapobj after header parsing failure when persistence is SOAPPERSISTENCESESSION - CVE-2026-7261 SECURITY UPDATE: SOAP use-after-free via Apache Map with duplica...

CLSA-2026-1778933151 Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245

SECURITY UPDATE: memory corruption in ld via fuzzed object - debian/patches/CVE-2025-5244.patch: check for empty groups in elfgcsweep to prevent NULL pointer dereference - CVE-2025-5244 SECURITY UPDATE: SEGV in objdump function debugtypesamep - debian/patches/CVE-2025-5245.patch: handle NULL...

SUSE CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

CLSA-2026-1778892584 389-ds-base: Fix of 3 CVEs

CVE-2024-5953: fix DoS via malformed password hash on bind - CVE-2024-2199: fix DoS via malformed userPassword modify - CVE-2025-2487: fix NULL pointer deref on failed MODDN operations...

Amazon Linux 2023 : glslang, glslang-devel (ALAS2023-2026-1707)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1707 advisory. A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file...

CVE-2026-44638

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An incorrect NULL check after a memory allocation call in the sixeldecoderaw and sixeldecode functions can lead to a NULL pointer dereference. This occurs when memory allocation fails, causing the process to crash and resulting...

CVE-2026-43333

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. This vulnerability allows a local attacker to cause a kernel null pointer dereference by directly accessing nullable PTRTOBUF pointers without proper null checks. This can lead to a system crash, resulting in a Denial of...

CVE-2026-6666

A flaw was found in PgBouncer. A remote attacker could exploit a null pointer reference vulnerability by sending a specially crafted error response without a SQLSTATE field. This could lead to a crash of the PgBouncer instance, resulting in a Denial of Service DoS for affected services. Mitigatio...

OESA-2026-2340 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...