Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured
The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system.
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour.
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result an SSRF bypass of the FILTER_VALIDATE_URL check and denial of service or potentially the execution of arbitrary code in the Firebird PDO.