In the Linux kernel before 5.12.4 net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan aka CID-5c4c8c954409. This leads to writing an arbitrary value.

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.

XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc

Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

Open Redirect in oidc_validate_redirect_url()

Format string bug in the Redis cache implementation

Integer overflow that can lead to heap overflow in redis-cli redis-sentinel on some platforms

Integer overflow issues with *BIT commands on 32-bit systems

Archive package allows chmod of file outside of unpack target directory

Regular Expression Denial of Service in Addressable templates

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Integer overflow issue with intsets in Redis

DoS vulnerability in Redis

Vulnerability in Lua Debugger in Redis

Vulnerability in handling large ziplists