OL CVE Issue Summary :
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.
OL CVE Issue Summary:
In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.
OL CVE Issue Summary :
An assert(3) failure flaw was found in the networking helper functions of QEMU. This vulnerability can occur in the eth_get_gso_type() routine if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value.
This flaw allows a guest user to crash the QEMU process on the host, resulting in a denial of service.
OL CVE Issue Summary :
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLIT or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
OL CVE Issue Summary :
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe.
A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser.
OL CVE Issue Summary :
A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.
OL CVE Issue Summary :
A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.
OL CVE Issue Summary :
When using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
OL CVE Issue Summary :
This issue is rated as a moderate severity vulnerability instead of important because it requires specific conditions to be exploitable. First, the OpenSSH client must have the VerifyHostKeyDNS option enabled, which is disabled by default in Red Hat Enterprise Linux (RHEL). Additionally, while the attack allows a machine-in-the-middle (MITM) adversary to trick the client into accepting an incorrect host key, it does not directly lead to code execution or immediate system compromise. Instead, the attack requires additional steps, such as credential interception or session hijacking to fully exploit the breach.
OL CVE Issue Summary :
A null pointer dereference flaw was found in libtiff via tif_dirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
