SUSE-SU-2026:21031-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

Linux Distros Unpatched Vulnerability : CVE-2026-28388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number...

PT-2026-31038

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash befor...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

OpenSSL Security Advisory 20260407

OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...

VMware Workstation 17.x, 25H2 < 25H2u1 NULL Pointer Dereference (VMSA-2026-0002)

The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by a vulnerability: - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error...

Linux Distros Unpatched Vulnerability : CVE-2026-23435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/x86: Move event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG:...

Linux Distros Unpatched Vulnerability : CVE-2026-28389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary:...

UBUNTU-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild

A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface VSI rebuild process. This flaw occurs when the Precision Time Protocol PTP periodic work attempts to access uninitialized memory, leading to a NULL point...

Exploit for CVE-2026-23398

CVE-2026-23398 Linux Kernel icmptagvalidation NULL Poin...

CVE-2026-5590

A race condition during TCP connection teardown can cause tcprecv to operate on a connection that has already been released. If tcpconnsearch returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcpbacklogisfull and dereferenced without validatio...

CVE-2026-5590

CVE-2026-5590 describes a race condition during TCP connection teardown where tcp_recv() may operate on a released connection. If tcp_conn_search() returns NULL while processing a SYN, a NULL pointer from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, c...

Linux Distros Unpatched Vulnerability : CVE-2026-23438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching...

Linux Distros Unpatched Vulnerability : CVE-2026-23442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: add NULL checks for idev in SRv6 paths in6devget can return NULL when the device has no IPv6 configuration e.g. MTU IPV6MINMTU or after NETDEVUNREGISTER...

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from race conditions during the termination of TCP connections. This vulnerability may lead to null pointer dereferencing and system crashes...

openSUSE 16 Security Update : expat (openSUSE-SU-2026:20448-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20448-1 advisory. - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. -...

SUSE SLES15 / openSUSE 15 Security Update : expat (SUSE-SU-2026:1166-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1166-1 advisory. - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity...