61388 matches found
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
CVE-2025-70099
CVE-2025-70099 : The Red Hat/NVD entries describe a NULL pointer dereference in lwext4 1.0.0 within ext4_dir_en_get_name_len (include/ext4_dir.h). During directory iteration, the code may not validate the directory entry pointer before accessing name_len, allowing a segmentation fault and denial ...
CVE-2025-60483
A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
EUVD-2025-210003
A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
PT-2026-45431
FlexRIC v2.0.0 crashes when receiving a RIC SUBSCRIPTION RESPONSE with an unknown ric id that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC SUBSCRIPTIO...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
PT-2026-45629
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs during a memory copy operation due to invalid writes caused by a null pointer, which is a reference that does not point to any valid...
PT-2026-45548
A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...
lwext4 security vulnerabilities
lwext4 is an embedded library developed by Grzegorz Kostka, designed to provide ext2/3/4 file systems for microcontrollers. Version 1.0.0 of lwext4 contains a security vulnerability; this vulnerability stems from a null pointer dereferencing in the ext4direngetnamelen function, which could lead t...
RockyLinux 9 : php:8.3 (RLSA-2026:22142)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
Moderate: compat-openssl10 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: OpenSSL:...
ALSA-2026:22305 Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
PT-2026-45415
A NULL pointer dereference in the gf odf ac4 cfg dsi v1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
CVE-2025-60481
Summary (useful notes): CVE-2025-60481 affects GPAC Project/MP4Box prior to 26.02.0. The issue is a NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function located in /odf/descriptors.c, which can be triggered by a crafted AC4 file and leads to Denial of Service. Impact is limited to avail...
CVE-2025-60483
GPAC MP4Box versions before 26.02.0 are affected by a NULL pointer dereference in gf_ac4_pres_b_4_back_channels_present (located in /media_tools/av_parsers.c), enabling a DoS via a crafted AC4 file. Connected sources confirm the vulnerable component/function and file, with impact described as Den...
CVE-2025-60483
A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
EUVD-2025-210004
A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
CVE-2025-60481
A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
CVE-2025-60483
A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...