CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-57156

NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...

CVE-2025-57155

Summary: CVE-2025-57155 affects owntone-server due to a NULL pointer dereference in the daap_reply_groups function (src/httpd_daap.c) triggered by a commit 5e6f19a, after version 28.2. This flaw allows remote attackers to cause a Denial of Service. What’s affected: owntone-server builds prior to ...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53592)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

MiracleLinux 8 : httpd:2.4 (AXSA:2022-3749:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3749:01 advisory. httpd: modproxy NULL pointer dereference CVE-2020-13950 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

ROS-20260120-7323

A vulnerability in the drivers/net/caif/caifvirtio.c file of the Linux operating system kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

PT-2026-3655

A NULL pointer dereference in the parse meta function src/httpd daap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-57156

NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52431)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

MiracleLinux 8 : glibc-2.28-251.el8.2 (AXSA:2024-8156:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8156:07 advisory. glibc: Out of bounds write in iconv may lead to remote code execution CVE-2024-2961 The glibc packages provide the standard C libraries libc, POSIX...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53590)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-57155

NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...

MiracleLinux 8 : sqlite-3.26.0-11.el8 (AXSA:2020-1005:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1005:03 advisory. sqlite: Use-after-free in window function leading to remote code execution CVE-2019-5018 sqlite: Division by zero in whereLoopAddBtreeIndex in...

CVE-2025-63648

A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...

CVE-2025-63648

A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-57155

NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...

MiracleLinux 8 : poppler-20.11.0-11.el8 (AXSA:2024-8323:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8323:02 advisory. poppler: NULL pointer dereference in FoFiType1C::convertToType1 CVE-2020-36024 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : libtiff-4.4.0-12.el9_4.1 (AXSA:2024-8959:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8959:05 advisory. libtiff: NULL pointer dereference in tifdirinfo.c CVE-2024-7006 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : sqlite-3.26.0-16.el8 (AXSA:2022-3931:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3931:01 advisory. sqlite: Out of bounds access during table rename CVE-2020-35527 sqlite: Null pointer derreference in src/select.c CVE-2020-35525 Tenable has extract...