crypto:
   - 1), multiple memory leaks OTP-8810
     Patch: https://github.com/erlang/otp/commit/d834040eeb1383157320a650984a47bb02bbb2d1
     Note: Hard to tell if has security implications, but from the patch looks certain
           memory content leaks were possible

   - 2), rc4 not working correctly (silent data corruption) OTP-8781
     Patch: https://github.com/erlang/otp/commit/0bcb7009fe4f3bbdf630c226d7e7335f9c005cf0
     Note: Seems to be just bugfix
     From the patch log: RC4 stream cipher didn't work.

erl_interface:
   - 3), ei: prevent overflow in ei_connect_init and ei_xconnect OTP-8814
     Patch: https://github.com/erlang/otp/commit/6e66a59544a4816c49d2d4ae4bfa4f408403a1ab
     Note: security, stack based buffer overflow possible

   - 4), erl_call: fix multiple buffer overflows OTP-8827
     Patch: https://github.com/erlang/otp/commit/f4843545086e6e79642e86f84aba0cff789d575b
     Note: security, multiple heap overflows possible

   - 5), Check the length of the node name to prevent an overflow OTP-8943
     Patch: https://github.com/erlang/otp/commit/29b572dbd1546796a0a94066548edfa3da6b4b9d
     Note: security

   - 6), erl_term_len() in erl_interface could returned wrong length OTP-8945
     Patch: https://github.com/erlang/otp/commit/c7fa778ae11c33f4568fbfd91d58550c781b54d6
     Note: Hard to tell if has security implications
erts:
   - 7), error with list_to_float("1.0e-324") in some VMs OTP-7178 
     Patch: https://github.com/erlang/otp/commit/1297a3ade2851be787a4c6a64d5f57d81761c8f5
     Note: ignore underflow in list_to_float and return 0.0

   - 8), Fix faulty 64-bit integer term output from drivers (crash or silent data corruption) OTP-8716
     Patch: https://github.com/erlang/otp/commit/d2f1c68969d2c32a1310aa52b66209ef4c3aed97
     Note: security     

   - 9), gen_udp:connect/3 was broken for SCTP enabled builds. OTP-8729
     Patch: https://github.com/erlang/otp/commit/2a6db0111898f25f5c615ce9b7f4e6ef84381a03
     Note: seems to be just bugfix     

   - 10), Removed some potential vulnerabilities from epmd OTP-8780
     Patch: https://github.com/erlang/otp/commit/bbf3ab21b404aedbf9c7b7062b1e96062133fe44
     Note: security
     From patch log: Remove two buffer overflow vulnerabilities in EPMD 
         
   - 11), wrong return code for http sockets {ok,{http_error,String}} OTP-8831
     Patch: https://github.com/erlang/otp/commit/c2d085e76f38467ea530b294edd3767ade88332c
     Note: seems to be just bugfix

   - 12), Multiple Buffer overflows have been prevented OTP-8892
     Patch: https://github.com/erlang/otp/commit/c7f811b03aca427fbea0cac5307b81fa19bddbc1
     Note: security
     From patch log: 
       * ms/security-fixes: erlc: remove unused variable, typer: prevent buffer overflows,
         run_test: prevent buffer overflow, heart: prevent buffer overflow,
         escript: prevent buffer overflows, erlexec: prevent buffer overflows, 
         erlc: prevent buffer overflows, dialyzer: prevent buffer overflows
 
   - 13), The ERTS internal rwlock implementation could get into an inconsistent state OTP-8925
     Patch: https://github.com/erlang/otp/commit/f1c8231c16ca4cc8ef39318364ac8a1c8d7d56e1
     Note: Assertion failure, but not sure if exploitable for DoS

   - 14), Some malformed distribution messages could cause VM to crash OTP-8993
     Patch: https://github.com/erlang/otp/commit/663a15d616647d0019bc834d20de517fd9aeadd7
     Note: security
     From patch log: Teach VM not to dump core on bad dist message structure

   - 15), A bug in the exit/2 BIF could potentially cause an emulator crash OTP-9005
     Patch: https://github.com/erlang/otp/commit/962a313807f96f38f3bf40a5e8cd855ad09deccb
     Note: Not sure if has security implications

   - 16), Potentially emulator crash when deleting an ETS-table OTP-8999
     Patch: https://github.com/erlang/otp/commit/f4f3beb158352b23959c09f8b0dfc83013d5fdf2
     Note: Not sure if has security implications

   - 17), Attempting to create binaries exceeding 2Gb (using for
     example term_to_binary/1) would crash the emulator OTP-9117
     Patch: https://github.com/erlang/otp/commit/1f07334d042e478d385caa0d7634ebfa6703f27a
     Note: Hard to tell if has security implications
    
hipe:
   - 18), Fix bug in the simplification of inexact comparisons OTP-9101
     Patch: https://github.com/erlang/otp/commit/e454e0f3d45c30fcb24f6e06a9e1f7408a8db5d7
     Note: Seems to be just bugfix

kernel:
   - 19), inet:getsockopt for SCTP sctp_default_send_param, random answers OTP-8795
     Patch: https://github.com/erlang/otp/commit/9ea58dff408c0c72f5a6ad0e11b521a80292b024
     Note: Seems to be just bugfix

stdlib:
   - 20), race condition/silent data corruption in dets OTP-8898
     Patch: https://github.com/erlang/otp/commit/4e79fa3b1b6797f2583848d307d6b85cec94a920
     Note: Hard to tell if has security implications

Note: Are there potentially more ones, I missed?
=====