curl: NULL pointer dereference in libcurl URL API redirect_url() with CURLU_DEFAULT_SCHEME

Summary A NULL pointer dereference appears to exist in libcurl's URL API path when curlurlset handles a relative URL together with CURLUDEFAULTSCHEME on a CURLU handle that has host/path information but no stored u-scheme. The issue is in lib/urlapi.c inside redirecturl, where u-scheme is used in...

krb5 security update

An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of...

MiracleLinux 8 : krb5-1.18.2-34.el8_10 (AXSA:2026-613:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-613:03 advisory. krb5: MIT Kerberos 5 krb5: Denial of Service via integer underflow and out-of-bounds read CVE-2026-40356 krb5: MIT Kerberos 5: Denial of Service via...

libsixel 代码问题漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7-r1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect NULL checks after...

Gotenberg 竞争条件问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained a race condition vulnerability. This vulnerability stemmed from the webhook middleware using unchecked type...

PT-2026-41034

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel decode raw and sixel decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter...

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

CVE-2026-34339

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

CVE-2026-34350

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...

CVE-2026-40413

Windows TCP/IP Denial of Service Vulnerability...

CVE-2026-40414

Windows TCP/IP Denial of Service Vulnerability...

CVE-2026-40401

Windows TCP/IP Denial of Service Vulnerability...

CVE-2026-40405

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...

CVE-2026-43478

A flaw was found in the Linux kernel's ASoC rt1011 codec component. An incorrect helper function used to retrieve the Digital Audio Power Management DAPM context in rt1011recvspkmodeput can lead to a null pointer dereference. This issue could allow a local attacker to cause a system crash,...

SUSE CVE-2019-12455

An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash. NOTE: This id is disputed as not...

CVE-2026-43478

The CVE-2026-43478 issue affects the Linux kernel ASoC codecs rt1011 path. The root cause is using an incorrect helper to obtain the DAPM context in spk_mode_put; the correct function is snd_soc_component_to_dapm() and relying on the kcontrol flow can yield a NULL pointer. Provided connected sour...

vulnerabilities handled in Adobe Illustrator

Adobe has identified several vulnerabilities in Adobe Illustrator versions 29.8.6, 30.3, and earlier. These vulnerabilities lie in the way Adobe Illustrator processes specially crafted files. There are issues with out-of-bounds write operations, NULL pointer dereferences, out-of-bounds reads, and...

CLSA-2026-1778254557 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...