CVE-2023-4752 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1858. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives • CWE-416: Use After Free •
CVE-2023-4734 – Integer Overflow or Wraparound in vim/vim
https://notcve.org/view.php?id=CVE-2023-4734
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217 https://support.apple.com/kb/HT213984 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. El problema se solucionó con comprobaciones de límites mejoradas. Este problema se ha solucionado en tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 and Safari 15.6. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-48503 https://bugzilla.redhat.com/show_bug.cgi?id=2218623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-22646
https://notcve.org/view.php?id=CVE-2022-22646
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system. Este problema se solucionó eliminando el código vulnerable. Este problema se ha solucionado en macOS Monterey 12.2. • https://support.apple.com/en-us/HT213054 •
CVE-2022-46706
https://notcve.org/view.php?id=CVE-2022-46706
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. Se ha solucionado un problema de confusión de tipos mejorando la gestión de estados. Este problema se ha corregido en la actualización de seguridad 2022-003 Catalina, macOS Monterey 12.3 y macOS Big Sur 11.6.5. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •