In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability (CVE-2021-28658).
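The class of bug above is a server joining a client-chosen filename onto its upload directory without first reducing it to a bare basename. The following is an added illustration, not Django's own code: it pulls the filename out of a constructed multipart Content-Disposition header, shows the naive join escaping the upload directory, and then applies the kind of sanitization the Django fix introduced (HTML-unescape, strip both POSIX and Windows directory components, reject "", "." and ".."), with a final containment check as defence in depth. UPLOAD_DIR and the header strings are assumptions made for the demonstration.

```python
"""Sanitizing a client-supplied upload filename (added example, not Django code)."""
import html
import posixpath  # POSIX semantics regardless of host OS, so results are deterministic
import re

# Hypothetical upload directory used only for this demonstration.
UPLOAD_DIR = "/srv/app/media/uploads"


class SuspiciousFileName(ValueError):
    """Raised when a client-supplied filename cannot be reduced to a safe basename."""


_FILENAME_RE = re.compile(r'filename="([^"]*)"')


def filename_from_content_disposition(header: str) -> str:
    """Extract the quoted filename parameter from a Content-Disposition header value."""
    match = _FILENAME_RE.search(header)
    if not match:
        raise ValueError("no filename parameter in Content-Disposition")
    return match.group(1)


def naive_destination(upload_dir: str, name: str) -> str:
    """The unsafe pattern: trust the client's name and join it onto the upload directory."""
    return posixpath.normpath(posixpath.join(upload_dir, name))


def sanitize_upload_filename(name: str) -> str:
    """Reduce a client-supplied filename to a bare basename, rejecting traversal names."""
    # Undo entity encoding a client might use to hide separators (e.g. &#47; for '/').
    name = html.unescape(name)
    # Drop every directory component, whichever separator convention was used.
    name = name.rsplit("/", 1)[-1]
    name = name.rsplit("\\", 1)[-1]
    # Empty and pseudo-directory names can never be a legitimate file name.
    if name in {"", ".", ".."}:
        raise SuspiciousFileName(f"refusing to store upload named {name!r}")
    return name


def is_inside(upload_dir: str, path: str) -> bool:
    """True if path, after normalisation, still lies under upload_dir."""
    base = posixpath.normpath(upload_dir)
    return posixpath.commonpath([base, posixpath.normpath(path)]) == base


def safe_destination(upload_dir: str, name: str) -> str:
    """Sanitize the name, join it, and re-check containment as defence in depth."""
    dest = posixpath.normpath(posixpath.join(upload_dir, sanitize_upload_filename(name)))
    if not is_inside(upload_dir, dest):
        raise SuspiciousFileName(f"{dest!r} escapes {upload_dir!r}")
    return dest


def rejects(name: str) -> bool:
    """Helper: does the sanitizer refuse this name outright?"""
    try:
        sanitize_upload_filename(name)
    except SuspiciousFileName:
        return True
    return False


# Constructed header values, as they would appear in a multipart body part.
MALICIOUS_HEADER = 'form-data; name="avatar"; filename="../../../../etc/cron.d/backdoor"'
BENIGN_HEADER = 'form-data; name="avatar"; filename="photo.png"'

if __name__ == "__main__":
    for header in (MALICIOUS_HEADER, BENIGN_HEADER):
        name = filename_from_content_disposition(header)
        naive = naive_destination(UPLOAD_DIR, name)
        print(f"{name!r}: naive -> {naive} (inside: {is_inside(UPLOAD_DIR, naive)}), "
              f"safe -> {safe_destination(UPLOAD_DIR, name)}")
```

The basename reduction is what closes the hole; the containment check only catches mistakes in the reduction, and it would not help on its own against a name such as "..", which is why that case is rejected explicitly.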
A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970). Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and
A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality (CVE-2021-3565).
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap (CVE-2021-30473). aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free (CVE-2021-30474).
Buffer overflow vulnerability in libsolv 2020-12-13 in the function Solver *testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) at src/testcase.c line 2334, which could cause a denial of service (CVE-2021-3200).
This kernel-linus update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects