OL CVE Issue Summary :

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

OL CVE Issue Summary :

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
 

OL CVE Issue Summary :

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.

OL CVE Issue Summary :

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
 

OL CVE Issue Summary :

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.

OL CVE Issue Summary : 

A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to slow down due to a lack of free memory, resulting in a denial of service.

OL CVE Issue Summary :

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
 

OL CVE Issue Summary:

When using SASL authentication and session encryption, and relying on the security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). 
In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

OL CVE Issue Summary:

rpm uses temporary files with predictable names when installing an RPM. An attacker with the ability to write in a directory where files will be installed could create symbolic links to an arbitrary location, modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

OL CVE Issue Summary:

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.