CVE-2022-0714 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0714
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. Un desbordamiento de búfer basado en la región heap en el repositorio de GitHub vim/vim en versiones anteriores a la 8.2.4436. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-0696 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-0696
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. Derivación de puntero nulo en el repositorio de GitHub vim/vim anterior a 8.2.4428 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://support.apple.com/kb/HT213488 • CWE-476: NULL Pointer Dereference •
CVE-2022-0685 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0685
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. Un Uso de un Desplazamiento de Puntero Fuera de Rango en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4418 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://security.gentoo. • CWE-823: Use of Out-of-range Pointer Offset •
CVE-2022-0629 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0629
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento del búfer en la región Stack de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UURGABNDL77 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-45444 – zsh: Prompt expansion vulnerability
https://notcve.org/view.php?id=CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. En zsh versiones anteriores a 5.8.1, un atacante puede lograr una ejecución de código si controla la salida de un comando dentro del prompt, como lo demuestra un argumento %F. Esto ocurre debido a la expansión recursiva PROMPT_SUBST A vulnerability was found in zsh in the parsecolorchar() function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4 https://support.apple.com/kb/HT213255 https://support.apple& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •