CVE-2021-4166 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4166
vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-125: Out-of-bounds Read •
CVE-2020-3886
https://notcve.org/view.php?id=CVE-2020-3886
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema se ha corregido en macOS Catalina versión 10.15.4, Actualización de seguridad 2020-002 Mojave, Actualización de seguridad 2020-002 High Sierra. • https://support.apple.com/en-us/HT211100 • CWE-416: Use After Free •
CVE-2020-3896
https://notcve.org/view.php?id=CVE-2020-3896
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files. Este problema se abordó al eliminar el código vulnerable. Este problema se ha corregido en macOS Catalina versión 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. • https://support.apple.com/en-us/HT211100 •
CVE-2019-8702
https://notcve.org/view.php?id=CVE-2019-8702
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. Este problema se abordó con una nueva asignación de derechos. Este problema es corregido en macOS Mojave versión 10.14.6, actualización de seguridad 2019-004 High Sierra, actualización de seguridad 2019-004 Sierra, iOS versión 12.4, tvOS versión 12.4. • https://support.apple.com/en-us/HT210346 https://support.apple.com/en-us/HT210348 https://support.apple.com/en-us/HT210351 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2017-13908
https://notcve.org/view.php?id=CVE-2017-13908
An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share. Se abordó un problema en el manejo de los permisos de los archivos con una comprobación mejorada. Este problema es corregido en macOS High Sierra versión 10.13.1, Security Update 2017-001 Sierra y Security Update 2017-004 El Capitan, macOS High Sierra versión 10.13. • https://support.apple.com/en-us/HT208144 https://support.apple.com/en-us/HT208221 •