OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

PT-2026-31038

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash befor...

OpenSSL Security Advisory 20260407

OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...

Linux Distros Unpatched Vulnerability : CVE-2026-5745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archiveaclfromtextnl function...

VMware Workstation 17.x, 25H2 < 25H2u1 NULL Pointer Dereference (VMSA-2026-0002)

The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by a vulnerability: - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006567)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006567 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in...

Linux Distros Unpatched Vulnerability : CVE-2026-28389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary:...

Linux Distros Unpatched Vulnerability : CVE-2026-28388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

libarchive 代码问题漏洞

Libarchive is an open-source multi-format archiving and compression library developed by Libarchive. There are code issues in Libarchive, specifically a vulnerability related to ACL parsing logic. This vulnerability involves null pointer dereferencing, which may cause applications to crash or...

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

PT-2026-30880

Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in libarchive's ACL parsing logic within the archive acl from text nl function. Insufficient validation when processing malformed ACL strings, such as a bare "d" or "default"...

SUSE SLES15 Security Update : kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1187-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1187-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes various security issues The following security issues were fixed: -...

Linux Distros Unpatched Vulnerability : CVE-2026-23435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/x86: Move event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG:...

ROS-20260407-73-0025

A vulnerability in the drm/amd/display component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ROS-20260407-73-0018

A vulnerability in the net/usb/asixdevices.c driver of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release: Several security vulnerabilities were addressed, including: H.264 video parser NULL pointer dereference when freeing SPS/MVC data. Integer overflows in the AV1 LEB128 parser, H.266/VVC video parser, and W...

ROS-20260407-73-0035

A vulnerability in the smb module of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ROS-20260407-73-0036

A vulnerability in the amdgpudm.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ALSA-2026:6918 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...