CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0443 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0443
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim de versiones anteriores a 8.2 • https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0417 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0417
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. Un desbordamiento de búfer basado en Heap Repositorio de GitHub vim/vim anterior a 8.2 • https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0413 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0413
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim anterior a la versión 8.2. A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0408 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0408
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Desbordamiento de búfer basado en la pila en el repositorio de GitHub vim/vim anterior a la versión 8.2. • https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 35EXPL: 0CVE-2021-4160 – BN_mod_exp may produce incorrect results on MIPS
https://notcve.org/view.php?id=CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb https://security.gentoo.org/glsa/202210-02 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.debian.org/security/2022/dsa-5103 •