CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1735 – Classic Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-1735
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. Un Desbordamiento de Búfer Clásico en el repositorio GitHub vim/vim versiones anteriores a 8.2.4969 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213488 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1725 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-1725
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Un Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4959 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213488 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1720 – Buffer Over-read in function grab_file_name in vim/vim
https://notcve.org/view.php?id=CVE-2022-1720
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. Una Lectura Excesiva del Búfer en la función grab_file_name en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4956. Esta vulnerabilidad es capaz de bloquear el software, modificación de la memoria y una posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archiv • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1674 – NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
https://notcve.org/view.php?id=CVE-2022-1674
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. Una Desreferencia de Puntero NULL en la función vim_regexec_string en el archivo regexp.c:2733 en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4938. Una Desreferencia de Puntero NULL en la función vim_regexec_string en regexp.c:2733 permite a atacantes causar una denegación de servicio (bloqueo de la aplicación) por medio de una entrada diseñada • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG https://lists.fedoraproject.org/archives/list/package-anno • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-1622
https://notcve.org/view.php?id=CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit b4e79bfa • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a https://gitlab.com/libtiff/libtiff/-/issues/410 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3 https://lists.fedoraproject.o • CWE-125: Out-of-bounds Read •