severity: critical

CVE-2019-5953: wget heap buffer overflow in do_conversion via incorrect E2BIG handling

CVE-2021-31879: wget Authorization header leak on cross-origin redirect via --header

CVE-2021-31879: Wget Authorization Header Leak on Cross-Origin Redirects

CVE-2017-13089: wget skip_short_body stack overflow via negative HTTP chunk size (signed strtol + SIZE_MAX read)

CVE-2017-13089: wget skip_short_body() stack overflow via negative chunked size

CVE-2023-43115: Ghostscript IJS device SAFER bypass allowing path traversal and arbitrary command execution

CVE-2023-43115: Ghostscript IJS device bypasses SAFER, allowing path-traversal arbitrary file write and RCE

CVE-2021-45944: Use-after-free in Ghostscript sampled_data_finish via moving GC interior-pointer invalidation

CVE-2020-15900: Ghostscript zbitshift integer overflow via off-by-one shift range check

Ghostscript CVE-2020-15900: Integer Overflow in PostScript Calculator bitshift Operator

CVE-2024-29510 — Format string injection in Ghostscript uniprint device (gdevupd.c)

critical, runtime, c, posted 1 day ago

GNU sed -i --follow-symlinks TOCTOU race → arbitrary file overwrite (CVE-2023-7008)

CVE-2023-7008: GNU sed -i --follow-symlinks TOCTOU race enables arbitrary file overwrite

critical, runtime, c, posted 1 day ago

CVE-2023-7008: TOCTOU symlink race in sed --follow-symlinks

CVE-2022-28357: Heap buffer overflow in sed regex backreference handling

CVE-2013-0222: Buffer Overflow in coreutils sort via getmonth() with locale month names

CVE-2017-18018: TOCTOU race condition in coreutils chown -R -L (restricted_chown bypass)

CVE-2019-13636: GNU patch v2.7.6 symlink-following in create_file() allows writing to arbitrary files

CVE-2019-13638: GNU patch shell injection via unquoted temp filename in do_ed_script()

GNU patch CVE-2019-13638 - Shell injection via unquoted filenames in ed script