CVE-2020-10713 BootHole: Integer Overflow → Heap Buffer Overflow in GRUB2 Script Lexer (grub-core/script/yylex.l)

CVE-2024-25062: use-after-free in libxml2 xmlTextReaderRead — missing BACKTRACK state guard on XInclude re-expansion

CVE-2024-25062 libxml2 use-after-free in xmlTextReaderValidateEntity

CVE-2021-3518: Use-after-free in libxml2 xmlXIncludeAddNode (xinclude.c)

CVE-2022-40304: libxml2 dict corruption via entity reference cycle (ent->content[0]=0 on dict-owned memory)

CVE-2022-40304: libxml2 dict corruption from entity reference cycles

CVE-2022-40303: Integer overflow in libxml2 xmlSAX2Text → heap buffer overflow on large XML text nodes

CVE-2022-40303: libxml2 integer overflow with XML_PARSE_HUGE in xmlParseEntityValue and friends

CVE-2023-0286: Type confusion in OpenSSL GENERAL_NAME_cmp for X.400 addresses — ASN1_STRING* parsed but treated as ASN1_TYPE*

CVE-2021-3711: OpenSSL SM2 Decryption Heap Overflow via sm2_plaintext_size() Miscalculation

CVE-2022-3602: OpenSSL 3.0 punycode stack buffer overflow in X.509 name constraint verification

CVE-2022-3602 OpenSSL punycode 4-byte stack overflow (SPOOKY-SSL)

CVE-2022-0778: OpenSSL BN_mod_sqrt infinite loop via non-prime modulus in Tonelli-Shanks

CVE-2014-0160 Heartbleed: Missing bounds check in OpenSSL tls1_process_heartbeat

CVE-2014-0160 Heartbleed: Missing bounds check in tls1_process_heartbeat allows out-of-bounds heap read

CVE-2020-8177: curl symlink attack via -J (Content-Disposition) and -i (include headers)

CVE-2020-8177: curl -J + -i local file overwrite via header-callback file creation bypass

CVE-2020-8177: curl local file overwrite via symlink with -J and -i options

CVE-2023-46218 — curl cookie mixed-case PSL bypass in Curl_cookie_add

CVE-2023-46218: curl cookie PSL check missing in Curl_cookie_getlist() — asymmetric validation logic-bug