124813 matches found
CVE-2026-21370
CVE-2026-21370 is an out-of-bounds write in the camera driver causing memory corruption when validating input batch size and buffer plane count that exceed maximum allowed values. The issue is described as a memory corruption condition in the Qualcomm camera driver. Exploitation details beyond wh...
CVE-2026-21370 Out-of-bounds Write in Camera Driver
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21369 Out-of-bounds Write in Camera Driver
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369
CVE-2026-21369 describes a memory corruption in the camera driver when handling flash commands. The root cause is outdated LED count values being used after userspace modification, leading to out-of-bounds/write conditions. The weakness is limited to local attack vector with high complexity and l...
CVE-2026-21368 Out-of-bounds Write in Camera Driver
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
CVE-2026-21368
CVE-2026-21368 describes an out-of-bounds write in a camera driver when parsing JPEG commands, caused by unaccounted extra writes to the buffer during validation. The CVSS vector indicates local access, high complexity, and low privileges required, with a Overall impact of low confidentiality, in...
EUVD-2022-49110
Open Babel has out-of-bounds write in MOPAC translationVectors UNIT CELL TRANSLATION...
BIT-PYTHON-MIN-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
BIT-PYTHON-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities
Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2026-39824 DESCRIPTION:...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed...
CVE-2026-38973
mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...
CVE-2026-10657
Zephyr Project's DNS resolver contains an out-of-bounds read in the mDNS suffix check (dns_resolve_name_internal), using memcmp(strrchr(query, '.'), ".local", 7). If the final label is shorter than 7 bytes (or there is a trailing dot), the comparison may read past the NUL and fault on tight buffe...