CVE-2025-64169 Wazuh NULL pointer dereference in fim_alert line 666

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fimalert implementation does not check whether oldsum-md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a...

EulerOS 2.0 SP13 : openjpeg2 (EulerOS-SA-2025-2451)

According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.CVE-2025-50952 Tenable has extracted the...

EulerOS 2.0 SP13 : openjpeg2 (EulerOS-SA-2025-2441)

According to the versions of the openjpeg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.CVE-2025-50952 Tenable has extracted the...

TencentOS Server 4: ffmpeg (TSSA-2025:0714)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0714 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: kernel (TSSA-2025:0429)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0429 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: augeas (TSSA-2025:0277)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0277 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: unbound (TSSA-2025:0512)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0512 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: libsoup3 (TSSA-2025:0587)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0587 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2025-13397

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

CVE-2025-13397 mrubyc alloc.c mrbc_raw_realloc null pointer dereference

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

PT-2025-47462

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc raw realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

PT-2025-49094

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's be2net component where the be insert vlan in pkt function is called with a NULL wrb params argument at the be send pkt to bmc call site. This can lead...

Expired Pointer Dereference

Overview mongodb/mongodb-extension is a MongoDB driver extension Affected versions of this package are vulnerable to Expired Pointer Dereference via mongocbulkoperationt when large options are passed. An attacker can cause the application to read invalid memory. Remediation Upgrade...

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-49907)

drm/amd/display: missing null pointer check before using dc-clkmgr. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504572; scriptversion"1.2";...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56568)

iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when ofdmaconfigure for client is called after the iommudeviceregister for smmu driver probe has executed but before the driverbound for...

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-49913)

drm/amd/display: missing null check for toppipetoprogram in commitplanesforstream. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504619;...

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-50198)

iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the inilluminanceperiodavailableshow function references the device embedded in the IIO device, not in the i2c client. devtoiiodev must be used to accessthe right data. The...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49877)

ocfs2: When doing cleanup, if flags do not have OCFS2BHREADAHEAD set, it may trigger NULL pointer dereference in the following ocfs2setbufferuptodate if bh is NULL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46755)

wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid. mwifiexgetprivbyid returns the priv pointer corresponding to the bssnum and bsstype, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL...

Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-53226)

RDMA/hns: vulnerability due to a potential NULL pointer dereference in hnsrocemapmrsg because ibmapmrsg allows upper layer protocols ULPs to specify NULL as the sgoffset argument, requiring the driver to check for NULL before dereferencing. This plugin only works with Tenable.ot. Please visit...