CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48235 – overflow in ex address parsing in vim
https://notcve.org/view.php?id=CVE-2023-48235
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48236 – overflow in get_number in vim
https://notcve.org/view.php?id=CVE-2023-48236
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48237 – overflow in shift_line in vim
https://notcve.org/view.php?id=CVE-2023-48237
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5981 – Gnutls: timing side-channel in the rsa-psk authentication
https://notcve.org/view.php?id=CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Se encontró una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/errata/RHSA-2024:0319 https://access.redhat.com/errata/RHSA-2024:0399 https://access.redhat.com/errata/RHSA-2024:0451 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6112 – Chrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2023-6112
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Navegación en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Chrome suffers from a heap use-after-free vulnerability in content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest. • http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html https://crbug.com/1499298 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X https://lists.fedoraproject.org/archives/list/package- • CWE-416: Use After Free •