libxml2 CVE-2024-25062: Use-after-free in xmlTextReaderRead during DTD validation with XInclude

CVE-2021-3518: Use-after-free in libxml2 xmlXIncludeAddNode (xinclude.c)

CVE-2020-8177: curl symlink attack via -J (Content-Disposition) and -i (include headers)

CVE-2020-8177: curl -J + -i local file overwrite via header-callback file creation bypass

CVE-2023-46218: Missing PSL Validation in Cookie Retrieval - curl Logic Bug

significant, posted 1 day ago

CVE-2023-46218: curl cookie PSL check missing in Curl_cookie_getlist() — asymmetric validation logic-bug

CVE-2021-3487: OOB read in binutils readelf fetch_indexed_string (DWARF .debug_str_offsets)

significant, runtime, c, posted 1 day ago

CVE-2022-38126: Memory leak in binutils BFD read_abbrevs() — unlinked cur_abbrev->attrs not freed on bfd_realloc failure

CVE-2022-38126: memory leak in binutils display_debug_abbrev

CVE-2022-38126: Memory Leak in BFD DWARF Abbreviation Table Handling

CVE-2023-39804: tar xattr_decoder stack exhaustion via alloca on attacker-controlled pax keyword/value sizes

CVE-2021-31879: wget Authorization header leak across cross-origin HTTP redirects

CVE-2021-31879: HTTP Redirect Authorization Header Leak in Wget v1.21

CVE-2018-20483: wget --xattr leaks URL credentials into extended file attributes

CVE-2018-20483: Information Leak via Extended File Attributes in wget

CVE-2024-38428: wget url_skip_credentials semicolon/multi-@ hostname confusion

CVE-2024-38428: wget URL parser allows multiple @ characters in hostname causing hostname confusion

CVE-2020-15900: Integer overflow (signed left-shift UB) in Ghostscript bitshift PostScript operator

CVE-2018-20483: wget leaks HTTP Basic-Auth credentials into user.xdg.origin.url xattr

CVE-2018-20483: Wget stores credentials in extended file attributes (information-leak)