CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
CVE-2026-15690 (GCVE-0-2026-15690)
Vulnerability from cvelistv5 – Published: 2026-07-14 11:45 – Updated: 2026-07-14 12:56| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378237 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378237/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15690 | third-party-advisory |
| https://vuldb.com/submit/855996 | third-party-advisory |
| https://github.com/open62541/open62541/issues/8104 | exploitissue-tracking |
| https://github.com/open62541/open62541/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:56:05.426097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:56:38.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:open62541:open62541:*:*:*:*:*:*:*:*"
],
"modules": [
"Shared Client Library"
],
"product": "open62541",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chuan Wei"
},
{
"lang": "en",
"type": "reporter",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T11:45:07.861Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378237 | open62541 Shared Client ua_client_connect.c responseReadNamespacesArray null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378237"
},
{
"name": "VDB-378237 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378237/cti"
},
{
"name": "CVE-2026-15690 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15690"
},
{
"name": "Submit #855996 | open62541 Project open62541 master (commit ca356b088ada7dee824d1b4acd07c1ff07ce242b\uff09 out-of-bounds read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855996"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/open62541/open62541/issues/8104"
},
{
"tags": [
"product"
],
"url": "https://github.com/open62541/open62541/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-14T07:19:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "open62541 Shared Client ua_client_connect.c responseReadNamespacesArray null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15690",
"datePublished": "2026-07-14T11:45:07.861Z",
"dateReserved": "2026-07-14T04:55:16.031Z",
"dateUpdated": "2026-07-14T12:56:38.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15184 (GCVE-0-2026-15184)
Vulnerability from cvelistv5 – Published: 2026-07-09 12:00 – Updated: 2026-07-09 12:55 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377110 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377110/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15184 | third-party-advisory |
| https://vuldb.com/submit/851192 | third-party-advisory |
| https://github.com/LibreDWG/libredwg/issues/1253 | issue-tracking |
| https://github.com/HackC0der/CVE-Repos/blob/main/… | exploit |
| https://github.com/LibreDWG/libredwg/commit/dde45… | patch |
| https://github.com/LibreDWG/libredwg/releases/tag/0.14 | patch |
| https://www.gnu.org/ | broken-linkproduct |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:54:47.638450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:55:55.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
],
"modules": [
"DWG File Handler"
],
"product": "LibreDWG",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.13.0"
},
{
"status": "affected",
"version": "0.13.1"
},
{
"status": "affected",
"version": "0.13.2"
},
{
"status": "affected",
"version": "0.13.3"
},
{
"status": "affected",
"version": "0.13.4"
},
{
"status": "unaffected",
"version": "0.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ech06 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:00:17.369Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377110 | GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377110"
},
{
"name": "VDB-377110 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377110/cti"
},
{
"name": "CVE-2026-15184 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15184"
},
{
"name": "Submit #851192 | LibreDWG 0.13.4-154-g0b573035 (main branch, commit 0b573035, 2026-04-29) \u7a7a\u6307\u9488\u89e3\u5f15\u7528 (NULL Pointer Dereference)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/851192"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/LibreDWG/libredwg/issues/1253"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_dwggrep_segv_null_read_dwg_next_entity_dwg.c_1231.dwg"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LibreDWG/libredwg/commit/dde45dac3c4d902e4d8fed150a8017b9732019c9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LibreDWG/libredwg/releases/tag/0.14"
},
{
"tags": [
"broken-link",
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-09T07:05:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15184",
"datePublished": "2026-07-09T12:00:17.369Z",
"dateReserved": "2026-07-09T05:00:12.112Z",
"dateUpdated": "2026-07-09T12:55:55.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15171 (GCVE-0-2026-15171)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.7
(semver)
Affected: 4.4.0 , < 4.4.17 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:44:51.561918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:44:55.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.7",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.17",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrijs Trizna"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:51:10.283Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.7 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-15171",
"datePublished": "2026-07-08T20:51:10.283Z",
"dateReserved": "2026-07-08T20:45:53.857Z",
"dateUpdated": "2026-07-09T13:44:55.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14790 (GCVE-0-2026-14790)
Vulnerability from cvelistv5 – Published: 2026-07-06 02:15 – Updated: 2026-07-06 15:20 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376379 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376379/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14790 | third-party-advisory |
| https://vuldb.com/submit/850391 | third-party-advisory |
| https://github.com/gpac/gpac/issues/3596 | exploitissue-tracking |
| https://github.com/gpac/gpac/commit/bd1d94e70e3be… | patch |
| https://github.com/gpac/gpac/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14790",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:20:42.977103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:20:48.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/850391"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*"
],
"modules": [
"Media File Handler"
],
"product": "GPAC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "26.02.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kery Qi (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be used. This patch is called bd1d94e70e3bef364c07c5a1d94eca5c9f56e160. A patch should be applied to remediate this issue. The project explains: \"I would consider most of these more as bugs than vulns but anyway they\u0027re good to fix\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T02:15:09.433Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376379 | GPAC Media File write_nhml.c nhmldump_send_frame null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376379"
},
{
"name": "VDB-376379 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376379/cti"
},
{
"name": "CVE-2026-14790 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14790"
},
{
"name": "Submit #850391 | gpac v26.02.0 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/850391"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/gpac/gpac/issues/3596"
},
{
"tags": [
"patch"
],
"url": "https://github.com/gpac/gpac/commit/bd1d94e70e3bef364c07c5a1d94eca5c9f56e160"
},
{
"tags": [
"product"
],
"url": "https://github.com/gpac/gpac/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-05T18:12:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "GPAC Media File write_nhml.c nhmldump_send_frame null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14790",
"datePublished": "2026-07-06T02:15:09.433Z",
"dateReserved": "2026-07-05T16:07:15.466Z",
"dateUpdated": "2026-07-06T15:20:48.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14324 (GCVE-0-2026-14324)
Vulnerability from cvelistv5 – Published: 2026-07-01 14:09 – Updated: 2026-07-01 17:25- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-14324 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2495903 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T16:15:20.378021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:35.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unknown",
"packageName": "libkrun",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "pipewire0.2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tristan for reporting this issue."
}
],
"datePublic": "2026-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:09:20.582Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-14324"
},
{
"name": "RHBZ#2495903",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495903"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T12:14:20.335Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-01T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Pipewire: raop rtsp null deref",
"workarounds": [
{
"lang": "en",
"value": "If AirPlay streaming is not required, unload or disable the\n module-raop-discover and module-raop-sink PipeWire modules."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-14324",
"datePublished": "2026-07-01T14:09:20.582Z",
"dateReserved": "2026-07-01T12:14:59.165Z",
"dateUpdated": "2026-07-01T17:25:35.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13084 (GCVE-0-2026-13084)
Vulnerability from cvelistv5 – Published: 2026-07-02 23:06 – Updated: 2026-07-06 14:54- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://www.watchguard.com/wgrd-psirt/advisory/wg… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
11.10.2 , ≤ 11.12.4+541730
(semver)
Affected: 12.0 , ≤ 12.12 (semver) Affected: 12.5 , ≤ 12.5.18 (semver) Affected: 2025.1 , ≤ 2026.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T14:54:38.254930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T14:54:50.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "11.12.4+541730",
"status": "affected",
"version": "11.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.12",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.5.18",
"status": "affected",
"version": "12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "2026.2",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.10.2",
"versionEndIncluding": "11.12.4+541730",
"versionStartIncluding": "11.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0",
"versionEndIncluding": "12.12",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5",
"versionEndIncluding": "12.5.18",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2026.2",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages.\u0026nbsp;This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\u003cbr\u003e\u003cbr\u003eThis vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2"
}
],
"value": "A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages.\u00a0This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\n\nThis vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2"
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T23:06:48.043Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00024"
}
],
"source": {
"advisory": "WGSA-2026-00024",
"defect": [
"FBX-32250"
],
"discovery": "EXTERNAL"
},
"title": "Null Pointer Dereference in WatchGuard Fireware OS iked Process",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2026-13084",
"datePublished": "2026-07-02T23:06:48.043Z",
"dateReserved": "2026-06-23T18:29:23.985Z",
"dateUpdated": "2026-07-06T14:54:50.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11788 (GCVE-0-2026-11788)
Vulnerability from cvelistv5 – Published: 2026-06-09 13:02 – Updated: 2026-06-30 07:48- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-11788 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485423 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Directory Server 11 |
cpe:/a:redhat:directory_server:11 |
|
| Red Hat | Red Hat Directory Server 12 |
cpe:/a:redhat:directory_server:12 |
|
| Red Hat | Red Hat Directory Server 13 |
cpe:/a:redhat:directory_server:13 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:11:26.743552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:12:38.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:11/389-ds-base",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:12/389-ds-base",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ian Murphy (Red Hat)."
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T07:48:55.675Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11788"
},
{
"name": "RHBZ#2485423",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485423"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser",
"workarounds": [
{
"lang": "en",
"value": "Disable the deref plugin (most effective): dsconf \u003cinstance\u003e plugin deref disable; systemctl restart dirsrv@\u003cinstance\u003e. Disable anonymous access (nsslapd-allow-anonymous-access=off) to raise the bar from pre-auth to authenticated exploitation. Configure memory limits as defense-in-depth: set nsslapd-maxbersize and nsslapd-conntablesize, and deploy in a cgroup with memory limits."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-11788",
"datePublished": "2026-06-09T13:02:53.715Z",
"dateReserved": "2026-06-09T12:57:59.740Z",
"dateUpdated": "2026-06-30T07:48:55.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10852 (GCVE-0-2026-10852)
Vulnerability from cvelistv5 – Published: 2026-06-22 19:32 – Updated: 2026-07-09 19:54- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7276560 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
8.5
Affected: 9.0 cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:51:31.975238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:06:39.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:54:28.890Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7276560"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.27:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7273976\" rel=\"nofollow\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7273976\" rel=\"nofollow\"\u003ePH71376\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.\n\n\u00a0\n\n\n\nWeb Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty):\n\n\n\nFor V9.0.0.0 through 9.0.5.27:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).\u00a0\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves\u00a0 PH71376 https://www.ibm.com/support/pages/node/7273976 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Websphere Application Server is Affected By a Denial of Service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-10852",
"datePublished": "2026-06-22T19:32:28.668Z",
"dateReserved": "2026-06-04T12:38:07.335Z",
"dateUpdated": "2026-07-09T19:54:28.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10670 (GCVE-0-2026-10670)
Vulnerability from cvelistv5 – Published: 2026-07-14 15:02 – Updated: 2026-07-14 18:38- CWE-476 - memory-safety
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr |
Affected:
2.0.0 , < 4.5.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T15:30:02.299995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:30:13.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/zephyrproject-rtos/zephyr",
"defaultStatus": "unaffected",
"packageName": "zephyr",
"product": "zephyr",
"programFiles": [
"kernel/thread.c"
],
"vendor": "zephyrproject",
"versions": [
{
"lessThan": "4.5.0",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CONFIG_USERSPACE verification handler for the k_thread_name_copy() system call (z_vrfy_k_thread_name_copy() in kernel/thread.c) calls k_object_find() on the caller-supplied thread pointer and then dereferences the returned struct k_object without checking it for NULL. k_object_find() returns NULL whenever the supplied pointer is not a registered (static or dynamic) kernel object.\n\nThe pre-fix guard tested thread == NULL instead of ko == NULL, so an unprivileged user-mode thread that invokes k_thread_name_copy() with any non-NULL but unregistered pointer (e.g. an arbitrary address) passes the NULL test, after which the verifier reads ko-\u003etype through a NULL pointer.\n\nBecause the syscall verifier runs in supervisor mode, this NULL dereference is a kernel-mode fault that halts or reboots the system, allowing untrusted user code to crash the kernel across the userspace security boundary (denial of service). The marshaller passes the thread argument to the verifier without any prior K_SYSCALL_OBJ validation, so the bad pointer reaches the defect directly.\n\nThe flaw affects builds with CONFIG_USERSPACE and CONFIG_THREAD_NAME enabled and has been present since the special-case lookup was introduced around v2.0.0; it is present in v4.4.0 and earlier. The fix changes the guard to check the k_object_find() return value (ko == NULL) before dereferencing it."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "memory-safety",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T18:38:47.284Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"name": "Fix commit",
"tags": [
"patch"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/commit/491583951036bc5794a3843a4baa246453bb1ee2"
},
{
"name": "GHSA-82h2-v4vm-q2g9",
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-82h2-v4vm-q2g9"
}
],
"title": "User-triggerable kernel NULL-pointer dereference (DoS) in `k_thread_name_copy()` syscall verifier",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2026-10670",
"datePublished": "2026-07-14T15:02:03.452Z",
"dateReserved": "2026-06-02T15:25:33.216Z",
"dateUpdated": "2026-07-14T18:38:47.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10659 (GCVE-0-2026-10659)
Vulnerability from cvelistv5 – Published: 2026-07-07 12:58 – Updated: 2026-07-14 18:38- CWE-476 - memory-safety
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject | zephyr |
Affected:
4.4.0 , < 4.5.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T13:24:10.256609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T13:24:28.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/zephyrproject-rtos/zephyr",
"defaultStatus": "unaffected",
"packageName": "zephyr",
"product": "zephyr",
"programFiles": [
"drivers/disk/ftl_dhara.c"
],
"vendor": "zephyrproject",
"versions": [
{
"lessThan": "4.5.0",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Dhara flash translation layer disk driver (drivers/disk/ftl_dhara.c) implemented the dhara_nand_ callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dhara_error_t err pointer (e.g. *err = DHARA_E_ECC in dhara_nand_read, and similar in dhara_nand_erase/prog/copy).\n\nThe upstream Dhara library calls these callbacks with err == NULL along its journal-resume binary search: find_last_checkblock() invokes find_checkblock(j, mid, \u0026found, NULL), which forwards the NULL pointer into dhara_nand_read(). This path runs during disk_ftl_access_init() -\u003e dhara_map_resume() whenever the FTL disk is mounted/initialised.\n\nIf a flash read error (uncorrectable ECC, bad block, controller error) occurs on one of the probed checkpoint pages, the driver dereferences and writes to NULL, faulting the kernel (denial of service). The trigger is conditioned on the NAND medium content/health, which can be influenced by media wear, induced faults, or a corrupted/crafted on-flash image.\n\nThe fix routes all error assignments through the library\u0027s NULL-safe dhara_set_error() helper. Affects Zephyr v4.4.0, where the driver was introduced."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "memory-safety",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T18:38:42.162Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"name": "Fix commit",
"tags": [
"patch"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/commit/a8371b0d4719efe37a66e2abb618ad9b81792212"
},
{
"name": "GHSA-q28v-3729-f82g",
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-q28v-3729-f82g"
}
],
"title": "NULL pointer dereference in Zephyr Dhara FTL disk driver on flash read error during journal resume",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2026-10659",
"datePublished": "2026-07-07T12:58:11.505Z",
"dateReserved": "2026-06-02T15:24:36.650Z",
"dateUpdated": "2026-07-14T18:38:42.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.