CVE-2021-22045 – VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22045
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. VMware ESXi (versiones 7.0, 6.7 anteriores a ESXi670-202111101-SG y 6.5 anteriores a ESXi650-202110101-SG), VMware Workstation (versión 16.2.0) y VMware Fusion (versión 12.2.0), contienen una vulnerabilidad de desbordamiento de pila en la emulación de dispositivos de CD-ROM. Un actor malicioso con acceso a una máquina virtual con emulación de dispositivo de CD-ROM puede ser capaz de explotar esta vulnerabilidad en conjunto con otros problemas para ejecutar código en el hipervisor desde una máquina virtual This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the SCSI component. • http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html https://www.vmware.com/security/advisories/VMSA-2022-0001.html https://www.zerodayinitiative.com/advisories/ZDI-22-003 • CWE-787: Out-of-bounds Write •
CVE-2021-4193 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4193
vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites. It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedora • CWE-125: Out-of-bounds Read •
CVE-2021-4192 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-4192
vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria Previamente Liberada. It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedora • CWE-416: Use After Free •
CVE-2021-4187 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-4187
vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria Previamente Liberada • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-416: Use After Free •
CVE-2021-4173 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-4173
vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria previamente Liberada • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-416: Use After Free •