Yi

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A slab-use-after-free bug has been identified in the Linux kernel, specifically in the netfilter: bpf component. This issue arises when the ` nf unregister net hook()` function is deferred after exit/close time, potentially due to a missing reference on the net namespace. The bug can be triggered through the `bpf nf link release()` function, leading to a read of size 8 at a specific memory address. Eric's analysis suggests that the `bpf nf link attach()` function assigns `link->net = net` without taking a reference on the net namespace, which may cause the netns to be dismantled or freed prematurely. Recommendations: To resolve this issue, update the Linux kernel to version 6.6.61 or later. As a temporary workaround, consider restricting the use of the `bpf nf link attach()` function until a patch is available. Additionally, avoid using the `link->net` variable in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IBOS OA version 4.5.5 **Description** A critical issue has been found that affects the `addComment` function of the file `?r=weibo/comment/addcomment`. The manipulation of the `touid` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For IBOS OA version 4.5.5, as a temporary workaround, consider disabling the `addComment` function until a patch is available. Restrict access to the `?r=weibo/comment/addcomment` endpoint to minimize the risk of exploitation. Avoid using the `touid` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OWASP AntiSamy versions prior to 1.6.6 **Description** The issue allows for XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. This is a problem in a library for performing fast, configurable cleansing of HTML coming from untrusted sources. **Recommendations** For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting the input allowed in STYLE content to minimize the risk of exploitation.