OL CVE Issue Summary:

Integer overflow that might lead to an out-of-bounds write in `g_option_group_add_entries()`
NOTE: the vendor's position is: > Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entriesin a fixed number of calls to `g_option_group_add_entries().` 
The researcher states that this pattern is undocumented.

OL CVE Issue Summary:

heap-based buffer overflow in `utf_ptr2char()` in `mbyte.c`
Heap use-after-free in `nv_replace()`
Heap use-after-free in `nv_replace()`
Illegal memory access when C-indenting
heap-buffer-overflow in `inc()` (`misc2.c`).

OL CVE Issue Summary:

`XML_ParseBuffer()` in `xmlparse.c` does not reject a negative length.

OL CVE Issue Summary:

`dmidecode` allows `-dump-bin` to overwrite a local file.

OL CVE Issue Summary:

With PHP-FPM, a low-privilege process can read and write an array of pointers used by the main process (running as root), through shared memory. An attacker can leverage this problem to change a 32-bit integer from zero to one in the main process's memory, or clear a memory region. By leveraging the primitive multiple times, it is possible to reach another bug, make the main process execute code, and thus escalate privileges.

The pointers in the SHM have been present starting with the very first implementation (PHP 5.3.7).

This was addressed by converting `scoreboard->procs` to an array of scoreboards (no pointers anymore) and making sure `scoreboard->nprocs` only gets used by workers.

OL CVE Issue Summary: 

The below paths, all follow the same code pattern:

```
main/fopen_wrappers.c:php_check_specific_open_basedir()ext/xmlreader/php_xmlreader.c:PHP_METHOD(xmlreader, XML)
ext/dom/document.c:dom_document_parser()

```
These arrays can have at most `MAXPATHLEN` characters, including the NULL char. So the `strlen()` can be at most `MAXPATHLEN-1`. If it does not end in a slash,
and a slash must be appended, a write of the NULL char to index `MAXPATHLEN` will occur, overrunning the array. 

OL CVE Issue Summary:

CVE-2021-38185 is a critical integer overflow vulnerability in GNU's cpio(versions up to 2.13). The flaw exists in dstring.c:ds_fgetstr().
The vulnerability is triggered when cpio processes a maliciously crafted pattern file via the -E option. The integer overflow occurs during memory allocation for a string, leading to an out-of-bounds heapwrite, which can be leveraged for arbitrary code execution.

OL CVE Issue Summary :

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. 
An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
 

OL CVE Issue Summary : 

Python has a buffer overflow in `PyCArg_repr` in `_ctypes/callproc.c`, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a `1e300` argument to `c_double.from_param`. This occurs because `sprintf` is used unsafely.

OL CVE Issue Summary:

Out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in common.c:_sasl_add_string.