CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2000 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-2000
07 Jun 2022 — Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Vim could be made to recurse infinitely. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1968 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1968
02 Jun 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the program to crash, use unexpected values, or execute arbitrary code. It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, o... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1942 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-1942
31 May 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1927 – Buffer Over-read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1927
29 May 2022 — Buffer Over-read in GitHub repository vim/vim prior to 8.2. Una lectura excesiva del Búfer en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management f... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1897 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-1897
27 May 2022 — Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Ma... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
27 May 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
26 May 2022 — A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26690
https://notcve.org/view.php?id=CVE-2022-26690
26 May 2022 — Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. Descripción: Ha sido abordado una condición de carrera con una comprobación adicional. Este problema es corregido en macOS Monterey 12.3. • https://support.apple.com/en-us/HT213183 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26688 – Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-26688
26 May 2022 — An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. Se abordó un problema en el manejo de los enlaces simbólicos con una comprobación mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3 y macOS Big Sur versión 11.6.5. • https://support.apple.com/en-us/HT213183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22676 – Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-22676
26 May 2022 — An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. Se abordó un problema de comprobación de manejadores de eventos en la API de servicios XPC mediante la eliminación del servicio. Este problema es corregido en macOS Monterey versión 12.2. • https://support.apple.com/en-us/HT213054 •