CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1264 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2023-1264
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. • https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL • CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2022-4904 – c-ares: buffer overflow in config_sortlist() due to missing string length check
https://notcve.org/view.php?id=CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://github.com/c-ares/c-ares/issues/496 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2 https://security.gentoo.org/glsa/202401-02 https://access.redhat.com/security/cve/CVE-2022-4904 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 3.7EPSS: 0%CPEs: 9EXPL: 0CVE-2022-41862 – postgresql: Client memory disclosure when connecting with Kerberos to modified server
https://notcve.org/view.php?id=CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. • https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://security.netapp.com/advisory/ntap-20230427-0002 https://www.postgresql.org/support/security/CVE-2022-41862 https://access.redhat.com/security/cve/CVE-2022-41862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25358 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
https://notcve.org/view.php?id=CVE-2023-25358
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=242683 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A https://security.gentoo.org/glsa/202305-32 https:/ • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1127 – Divide By Zero in vim/vim
https://notcve.org/view.php?id=CVE-2023-1127
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. • https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W • CWE-369: Divide By Zero •