A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

A truncated TSIG response can lead to an assertion failure

Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c

In BIND 9.15.6 -> 9.16.5 9.17.0 -> 9.17.3 An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure causing the server to exit.

A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

Secret leaks in logs for vSphere Provider kube-controller-manager

Webhook redirect in kube-apiserver

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.

Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0 12.18.0 and < 14.4.0.

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).