The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none

Windows Wireless Networking Spoofing Vulnerability

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

http.client in Python 3.x before 3.5.10 3.6.x before 3.6.12 3.7.x before 3.7.9 and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets bypassing security mechanisms aka CID-26896f01467a.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation an unaligned reference may be generated for a type that has a large alignment requirement.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation insert_from can have a memory-safety issue upon a panic.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation clone can have a memory-safety issue upon a panic.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with From<InlineArray<A T>>.

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with pair().

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with unit().

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host resulting in a denial of service.