CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48235 – overflow in ex address parsing in vim
https://notcve.org/view.php?id=CVE-2023-48235
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48236 – overflow in get_number in vim
https://notcve.org/view.php?id=CVE-2023-48236
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48237 – overflow in shift_line in vim
https://notcve.org/view.php?id=CVE-2023-48237
In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22305
https://notcve.org/view.php?id=CVE-2023-22305
Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-36395 – Windows Deployment Services Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-36395
Windows Deployment Services Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Windows Deployment Services. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36395 • CWE-190: Integer Overflow or Wraparound •