OL CVE Issue Summary:

When an account is set for a non-login user in /etc/passwd, it is not considered disabled by sudo.

The newly introduced runas_check_shell sudoers setting can be used to require that the run as user have a shell that's listed in /etc/shells. Users such as "bin", "nobody", etc, do not have a valid shell, and this option prevents commands from being run as those users.

OL CVE Issue Summary:

A crafted SNMPv1 trap with an oversized enterprise OID can cause an out-of-bounds write in snmptrapd when the handler builds the trap OID. Specifically, unvalidated enterprise_length values can make memcpy copy more OIDs than the fixed trapOid buffer can hold, leading to a stack buffer overflow and process abort.

OL CVE Issue Summary :

Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel.
 By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. 
Fix is to enforce strict key exchange on client as well as on server.

OL CVE Issue Summary:

Web cache poisoning via urllib.parse.parse_qsl and parse_qs. Attackers can use semicolons (;) in query parameters ("parameter cloaking") to cause proxies and servers to interpret requests differently, potentially allowing malicious requests to be cached as safe ones.

OL CVE Issue Summary:

The tarfile module implementation processes tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted archives, which can lead to a denial of service.

OL CVE Issue Summary:

xinclude.c:xmlXIncludeDoProcess() triggers a heap-use-after-free with a crafted XML payload.

OL CVE Issue Summary:

Heap-based Buffer Overflow in mbyte.c:utfc_ptr2len() (in versions prior to 9.0.1331).

OL CVE Issue Summary:
CGI::Cookie.parse mishandles security prefixes in cookie names. This also affects the CGI gem.

OL CVE Issue Summary:

xmlBufAttrSerializeTxtContent() in xmlsave.c in allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a non-UTF-8 attribute value, related to serialization. entities.c:xmlEncodeEntitiesInternal() triggers a heap-buffer-overflow read with a crafted XML payload.

OL CVE Issue Summary : 

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw extract plain text or, in some cases, downgrade any TLS connections to a vulnerable server.