Windows UPnP Device Host Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CLSA-2025-1757947429 libreswan: Fix of CVE-2023-38711

CVE-2023-38711: fix a NULL pointer dereference in IKEv1 Quick Mode with IDIPV4ADDR/IDIPV6ADDR that causes a crash and restart of the pluto daemon when it receives an IDcr payload with IDFQDN...

net/sched: cls_flow: fix NULL pointer dereference on shared blocks

...

PT-2026-32859

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to cause a local denial of service, which can lead to system crashes or connection failures...

PT-2026-32865

Name of the Vulnerable Software and Affected Versions Windows Win32K affected versions not specified Description An untrusted pointer dereference in ICOMP allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no information about a newer version that...

PT-2026-32803

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

PT-2026-32797

Name of the Vulnerable Software and Affected Versions Windows Local Security Authority Subsystem Service LSASS affected versions not specified Description A null pointer dereference in the Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to cause a denial o...

PT-2026-32781

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally,...

PT-2026-32739

Name of the Vulnerable Software and Affected Versions Windows Sensor Data Service affected versions not specified Description An untrusted pointer dereference in the Windows Sensor Data Service allows an authorized attacker to elevate privileges locally, which can affect the system. Recommendatio...

Medium: libvncserver

Issue Overview: LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking i...

Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3247 (ALAS-2026-3247)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3247 advisory. LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in th...

Important: openssl11

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

ROS-20260414-73-0060

A vulnerability in the ovlpermission function of the fs/overlayfs/inode.c module of the Overlayfs file system of the Linux kernel is related to NULL pointer dereferencing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected...

ROS-20260414-73-0043

A vulnerability in the mt7921mcuparseresponse function of the drivers/net/wireless/mediatek/mt76/mt7921/mcu.c module of the Mediatek wireless adapter driver of the Linux operating system kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to gain...

ROS-20260414-73-0048

Vulnerability in kernel-lt related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260414-73-0052

Vulnerability in kernel-lt related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260414-73-0036

A vulnerability in the az6007i2cxfer function of the drivers/media/usb/dvb-usb-v2/az6007.c module of the USB multimedia device driver of the Linux kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260414-73-0030

A vulnerability in the mac80211hwsimselecttxlink function of the drivers/net/wireless/virtual/mac80211hwsim.c module of the Linux kernel wireless adapter driver is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260414-73-0014

A vulnerability in the acpidsinitamlwalk function of the drivers/acpi/acpica/dswstate.c module of the ACPI Advanced Configuration and Power Interface driver of the Linux operating system kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause...

SUSE CVE-2026-31422

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsflow: fix NULL pointer dereference on shared blocks flowchange calls tcfblockq and dereferences q-handle to derive a default baseclass. Shared blocks leave block-q NULL, causing a NULL deref when a flow filter witho...