OL CVE Issue Summary:

When using SASL authentication and session encryption, and relying on the security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). 
In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

OL CVE Issue Summary:

A Heap Use After Free vulnerability was discovered in Schematron. The issue arises in the xmlSchematronGetNode() when processing XPath expressions in Schematron schema elements <sch:name path="..."/>, where a pointer to freed memory is returned and then accessed, leading to undefined behavior and potential crashes.

Vulnerable component: xmlSchematronGetNode() extracts a pointer to a node from an XPath node set and then immediately frees the entire XPath object containing that node set, rendering the returned pointer invalid.

OL CVE Issue Summary :

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. 
An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
 

OL CVE Issue Summary:

S_reghop3(), S_reghop4(), and S_reghopmaybe3() in regexec.c (before 5.24.0) allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated with the payload `"a\x80"`.

OL CVE Issue Summary:

xmlSchemaIDCFillNodeTables() in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
 

OL CVE Issue Summary:

rpm did not properly handle installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination.
An attacker with write access to a directory in which a subdirectory will be installed could redirect that directory to an arbitrary location and gain superuser privileges.