NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-5178 

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

OL CVE Issue Summary :

Stack-based buffer overflow in xmlSnprintfElements in valid.c. 
To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. 

NOTE: This is similar to CVE-2017-9047.
 

OL CVE Issue Summary :

OL CVE Issue Summary :

OL CVE Issue Summary :

OL CVE Issue Summary :

 In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.