An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read

In the Linux kernel before 5.15.3 fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can for example lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

In zsh before 5.8.1 an attacker can achieve code execution if they control a command output inside the prompt as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction which allows local users to obtain potentially sensitive address information aka a "pointer leak."

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.