CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

UBUNTU-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

EUVD-2026-20006

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...

bpf: Fix combination of jit blinding and pointers to bpf subprogs.

...

CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVE-2025-7029

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control the RBX register, which is used to derive pointers OcHeader, OcData passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory...

CVE-2024-49921 drm/amd/display: Check null pointers before used

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before used WHAT & HOW Poniters, such as dc-clkmgr, are null checked previously in the same function, so Coverity warns "implies that "dc-clkmgr" might be null". As a result, these pointers ne...

CVE-2024-49891 scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfcsliflushiorings,...

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

BIT-RUBY-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVE-2024-30212

If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...

CVE-2024-35935 btrfs: send: handle path ref underflow in header iterate_inode_ref()

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterateinoderef Change BUGON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses...

UBUNTU-CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

RUSTSEC-2023-0078 Potential stack use-after-free in `Instrumented::into_inner`

The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...