severity: significant

CVE-2024-38428: wget url_skip_credentials semicolon causes hostname confusion

CVE-2024-38428: GNU Wget url_skip_credentials mishandles ';' in userinfo, enabling hostname confusion

CVE-2024-38428: URL parser hostname confusion via multiple @ characters in userinfo

CVE-2024-33869: Ghostscript path traversal via unresolved symlinks in SAFER mode

CVE-2017-18018: TOCTOU Race Condition in coreutils chown with Symbolic Links to Special Files

CVE-2018-6952: GNU patch double-free in another_hunk via ptrn_missing+repl_missing

CVE-2022-2509: Double-free in GnuTLS certificate SAN extension parsing

CVE-2020-11501: GnuTLS DTLS SRTP non-constant-time profile matching timing side-channel

libxml2 CVE-2024-25062: Use-after-free in xmlTextReaderRead during DTD validation with XInclude

CVE-2021-3518: Use-after-free in libxml2 xmlXIncludeAddNode (xinclude.c)

CVE-2020-8177: curl symlink attack via -J (Content-Disposition) and -i (include headers)

CVE-2020-8177: curl -J + -i local file overwrite via header-callback file creation bypass

CVE-2023-46218: Missing PSL Validation in Cookie Retrieval - curl Logic Bug

significant, posted 1 month ago

CVE-2023-46218: curl cookie PSL check missing in Curl_cookie_getlist() — asymmetric validation logic-bug

CVE-2021-3487: OOB read in binutils readelf fetch_indexed_string (DWARF .debug_str_offsets)

significant, runtime, c, posted 1 month ago

CVE-2022-38126: Memory leak in binutils BFD read_abbrevs() — unlinked cur_abbrev->attrs not freed on bfd_realloc failure

CVE-2022-38126: memory leak in binutils display_debug_abbrev

CVE-2022-38126: Memory Leak in BFD DWARF Abbreviation Table Handling

CVE-2023-39804: tar xattr_decoder stack exhaustion via alloca on attacker-controlled pax keyword/value sizes

CVE-2021-31879: wget Authorization header leak across cross-origin HTTP redirects