An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
It was discovered that missing input sanitising in cups-filters, when
using the Backend Error Handler (beh) backend to create an accessible
network printer, may result in the execution of arbitrary commands.
Irvan Kurniawan discovered a double free in the libwebp image compression
library which may result in denial of service.
