CVE-2023-4736 – Untrusted Search Path in vim/vim
https://notcve.org/view.php?id=CVE-2023-4736
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Ruta de búsqueda no fiable en el repositorio de GitHub vim/vim anterior a la versión 9.0.1833. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71 https://support.apple.com/kb/HT213984 • CWE-426: Untrusted Search Path •
CVE-2023-4735 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2023-4735
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Escritura fuera de límites en el repositorio de GitHub vim/vim en versiones anteriores a la 9.0.1847. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51 https://support.apple.com/kb/HT213984 • CWE-787: Out-of-bounds Write •
CVE-2023-4734 – Integer Overflow or Wraparound in vim/vim
https://notcve.org/view.php?id=CVE-2023-4734
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217 https://support.apple.com/kb/HT213984 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-3236
https://notcve.org/view.php?id=CVE-2021-3236
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. vim 8.2.2348 se ve afectado por la desreferencia del puntero nulo, permite a los atacantes locales provocar una denegación de servicio (DoS) a través del método ex_buffer_all. • https://github.com/vim/vim/issues/7674 https://security.netapp.com/advisory/ntap-20230915-0001 • CWE-476: NULL Pointer Dereference •
CVE-2023-3896 – A divide by zero issue existed in vim of OpenCloudOS Stream
https://notcve.org/view.php?id=CVE-2023-3896
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 • https://github.com/vim/vim/issues/12528 https://github.com/vim/vim/pull/12540 https://security.netapp.com/advisory/ntap-20230831-0012 • CWE-369: Divide By Zero •