124812 matches found
CVE-2026-21370 Out-of-bounds Write in Camera Driver
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21369
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369 Out-of-bounds Write in Camera Driver
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21368
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
CVE-2026-21368 Out-of-bounds Write in Camera Driver
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
EUVD-2022-49110
Open Babel has out-of-bounds write in MOPAC translationVectors UNIT CELL TRANSLATION...
BIT-PYTHON-MIN-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
BIT-PYTHON-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities
Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2026-39824 DESCRIPTION:...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed...
CVE-2026-10657
Zephyr Project's DNS resolver contains an out-of-bounds read in the mDNS suffix check (dns_resolve_name_internal), using memcmp(strrchr(query, '.'), ".local", 7). If the final label is shorter than 7 bytes (or there is a trailing dot), the comparison may read past the NUL and fault on tight buffe...
CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...