OL CVE Issue Summary :

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence.

OL CVE Issue Summary:

Web cache poisoning via urllib.parse.parse_qsl and parse_qs. Attackers can use semicolons (;) in query parameters (parameter cloaking) to cause proxies and servers to interpret requests differently, potentially allowing malicious requests to be cached as safe ones.
 

OL CVE Issue Summary :

A buffer overflow vulnerability exists in the Perl Database Interface (DBI) module versions prior to 1.643. Specifically, in the DBI.xs file, a local attacker can supply a string longer than 300 characters, leading to an out-of-bounds write. This can affect the availability of the service or compromise data integrity.

OL CVE Issue Summary :

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

OL CVE Issue Summary:

Malformed data in a terminfo database file can trigger security-relevant memory corruption when ncurses is used by a setuid application. Local users can exploit this flaw via terminfo databases found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
 

NVD Listing: NVD - CVE-2023-51385

- Changed CVE-2023-51385 behavior from automatic disabling of SCP to notification.

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

OL CVE Issue Summary:

xmlBufAttrSerializeTxtContent() in xmlsave.c in allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a non-UTF-8 attribute value, related to serialization. entities.c:xmlEncodeEntitiesInternal() triggers a heap-buffer-overflow read with a crafted XML payload.

OL CVE Issue Summary :

By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. The  vulnerable cipher modes are ChaCha20-Poly1305 and Encrypt-then-MAC (-etm MAC algorithms). libssh2 appears to be susceptible to "Terrapin attack" where MiTM attacker is able to tamper with the SSH early protocol exchange. So libssh2 should preferably include support for "strict KEX" extension.

OL CVE Issue Summary :

 out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions.  A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

OL CVE Issue Summary :

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.