CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2289 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2289
Use After Free in GitHub repository vim/vim prior to 9.0. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0 • https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-34911
https://notcve.org/view.php?id=CVE-2022-34911
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.7, 1.36.x y 1.37.x anteriores a 1.37.3, y 1.38.x anteriores a 1.38.1. Un ataque de tipo XSS puede ocurrir en configuraciones que permiten una carga útil de JavaScript en un nombre de usuario. • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://phabricator.wikimedia.org/T308471 https://security.gentoo.org/glsa/202305-24 https://www.debian.org/security/2022/dsa-5246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34912
https://notcve.org/view.php?id=CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. Se ha descubierto un problema en MediaWiki versiones anteriores a 1.37.3 y en versiones 1.38.x anteriores a 1.38.1. El contributions-title, usa en Special:Contributions, es usadao como título de la página sin escapar. • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://phabricator.wikimedia.org/T308473 https://security.gentoo.org/glsa/202305-24 https://www.debian.org/security/2022/dsa-5246 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2285 – Integer Overflow or Wraparound in vim/vim
https://notcve.org/view.php?id=CVE-2022-2285
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim versiones anteriores a 9.0 • https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2284 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-2284
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Un Desbordamiento del Búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0 • https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow •