php:8.2 security update

An update is available for module.php, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a...

openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...

kernel: xsk: check IFF_UP earlier in Tx path

In the Linux kernel, the following vulnerability has been resolved: xsk: check IFFUP earlier in Tx path Xsk Tx can be triggered via either sendmsg or poll syscalls. These two paths share a call to common function xskxmit which has two sanity checks within. A pseudo code example to show the two...

kernel: xsk: check IFF_UP earlier in Tx path

In the Linux kernel, the following vulnerability has been resolved: xsk: check IFFUP earlier in Tx path Xsk Tx can be triggered via either sendmsg or poll syscalls. These two paths share a call to common function xskxmit which has two sanity checks within. A pseudo code example to show the two...

SUSE CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...

NVIDIA HD Audio Driver code-related vulnerabilities

NVIDIA HD Audio Driver is a high-definition audio driver developed by NVIDIA Corporation. There are code vulnerabilities in the NVIDIA HD Audio Driver, specifically an issue with null pointer dereferencing, which may lead to denial-of-service attacks...

ROS-20260128-73-0063

A vulnerability in the Linux operating system kernel is related to NULL pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260128-73-0060

Vulnerability in kernel-lt related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260128-73-0046

Vulnerability in kernel-lt related to null pointer dereferencing. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260128-73-0033

Vulnerability in kernel-lt related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-0918

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated...

php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service...

CVE-2026-0918

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can...

CVE-2026-0918

CVE-2026-0918 affects TP-Link Tapo C220 v1 and C520WS v2 cameras. The HTTP service mishandles POST requests with an excessively large Content-Length header, causing a failed memory allocation and a NULL pointer dereference that crashes the main process. This allows an unauthenticated attacker to ...

Important: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when processing QUIC data in the SSLCIPHERfind function. An attacker can interrupt service by sending an unknown or unsupported cipher ID. Remediation Upgrade openssl to version 3.3.6, 3.4.4, 3.5.5, 3.6.1 or...

AZL-78579 CVE-2026-22796 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

AZL-76113 CVE-2025-69421 affecting package edk2 for versions less than 20230301gitf80f052277c8-47

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

AZL-76212 CVE-2025-69421 affecting package openssl 1.1.1k-38

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...